z11
May 26, 2014, 10:28am
1
share a file with friends or other people without trusting any third party
Maybe coincidence, but here’s Onionshare
Free App Lets the Next Snowden Send Big Files Securely and Anonymously
http://www.reddit.com/r/netsec/comments/265d7e/onionshare_securely_and_anonymously_share_a_file/
Securely and anonymously share files, host websites, and chat with friends using the Tor network - GitHub - onionshare/onionshare: Securely and anonymously share files, host websites, and chat with...
Patrick, could this have value as an integration or documentation for Whonix?
This project got a lot of press and attention.
Onionshare could be simple. Since apparently is uses Tor’s ControlPort, thanks to Control Port Filter Proxy (onion-grater, a Tor Control Port Filter Proxy - filtering dangerous Tor Control Port commands - Design Documentation - Whonix ) and thanks to dummytor (Dev/anon-ws-disable-stacked-tor - Whonix ), probably no changes on Whonix-Workstation are required.
On Whonix-Gateway, CPFP needs an additional configuration snippet. Check CPFP’s log for commands, that onionshare not yet has access to.
tail -f /var/log/controlportfilt.logA quick look at onionshare’s code tells me, that the following instructions could be sufficient to get it started:
I might try myself at some point. I am waiting for a secure method to get the software:
opened 09:17PM - 26 May 14 UTC
closed 04:25AM - 30 May 14 UTC
Please provide signed git tags.
This would require some code changes in CPFP. Globing matches instead of exact matches for the whitelist, because onionshare uses for example.
SETCONF HiddenServiceDir="/tmp/onionshare_hidden_service_52825" HiddenServicePort="80 127.0.0.1:52825"But that’s not the biggest issue. I did some experimental CPFP changes on my hdd and came as far as this.
onionshare README.mdCalculating SHA1 checksum.
Connecting to Tor control port to set up hidden service on port 52825.
Traceback (most recent call last):
File "/usr/bin/onionshare", line 10, in <module>
onionshare.main()
File "/usr/lib/python2.7/dist-packages/onionshare/onionshare.py", line 146, in main
onion_host = get_hidden_service_hostname(port)
File "/usr/lib/python2.7/dist-packages/onionshare/onionshare.py", line 57, in get_hidden_service_hostname
return open(hostname_file, 'r').read().strip()
IOError: [Errno 2] No such file or directory: '/tmp/onionshare_hidden_service_52825/hostname'
The problem is, that to get the .onion address, onionshare has to read a file on the hdd. But Tor runs on a different system than onionshare. Tor lacks a feature to set/get onion key and hostname through Tor Control Protocol:
Same issue as with torsion:
opened 06:59PM - 31 Mar 14 UTC
enhancement
packaging
Whonix is Debian based and its gateway VM would be need to setup to run the hidd… en service while the workstation VM runs the UI and backend that directs its connected to the gateway where the Tor client is running.
Example on how TorChat is setup in Whonix: http://zo7fksnun4b4v4jv.onion/wiki/Chat#TorChat
Ideas:
Maybe a --tempfolder option could be included into onionshare + give Whonix-Workstation access to some folder on Whonix-Gateway. Very hacky. Probably not worth it.
Modify onionshare to use an existing .onion address instead of an dynamically created one. (Then it would be similar to Onion Services - Whonix or Instant Messenger Chat instructions.)
Money/time would be better spent to get the missing features implemented into Tor. Unfortunately, the latter is outside my current abilities.
Instructions on getting onionshare to work in Whonix progressed far although they are still unfinished: Next - Whonix
Help would be welcome with the following two required control port filter python features that are missing to add onionshare support.
…since I am busy with various stuff , and since @troubadour is busy with various stuff and our new…
Patrick
January 10, 2017, 10:27am
7
1 Like
Patrick
January 10, 2017, 10:55am
8
ongoing discussion:decide if we should install onionshare by default in Whonix 14⚓ T595 install onionshare by default in Whonix 15
Patrick
March 10, 2017, 1:32am
9
Patrick
August 31, 2017, 10:53am
11
Won’t make it into Whonix 14. Unfortunately, it is not available from Debian stretch.
https://packages.debian.org/search?keywords=onionshare
Does anyone know why?
Weird. Its on every Debian version except current stable…
Attempts to build it on Stretch are failing:
opened 09:13AM - 24 Aug 17 UTC
closed 12:22AM - 21 Nov 17 UTC
Build requirements are all installed, and I followed the documentation. My syste… m is mostly Debian stretch, with a mixture of some more recent packages from testing/sid included. Running the Python scripts works fine, just trying to build the Debian package which fails near to some tests near the end.
I'm attaching the contents my `./deb_dist` and `build_log.txt` which includes some warnings.
Just to demonstrate I'm on latest, running the build script from the HEAD of the latest clean master branch:
```
kevin@helios:~/dev/onionshare$ git pull
Already up-to-date.
Current branch master is up to date.
kevin@helios:~/dev/onionshare$ git status
On branch master
Your branch is up-to-date with 'origin/master'.
nothing to commit, working tree clean
```
I don't know if it's necessary to post the full build output, so I'll just show the actual failure, which seems to indicate a problem with the `debian/rules` file.
```.
dh_auto_test -O--buildsystem=pybuild
I: pybuild base:184: cd /home/kevin/dev/onionshare/deb_dist/onionshare-1.1/.pybuild/pythonX.Y_3.6/build; python3.6 -m pytest test
=============================================================================================== test session starts ===============================================================================================
platform linux -- Python 3.6.2, pytest-3.0.6, py-1.4.32, pluggy-0.4.0
rootdir: /home/kevin/dev/onionshare/deb_dist/onionshare-1.1, inifile:
collected 0 items
========================================================================================== no tests ran in 0.00 seconds ===========================================================================================
E: pybuild pybuild:283: test: plugin distutils failed with: exit code=5: cd /home/kevin/dev/onionshare/deb_dist/onionshare-1.1/.pybuild/pythonX.Y_3.6/build; python3.6 -m pytest test
dh_auto_test: pybuild --test --test-pytest -i python{version} -p "3.6 3.5" returned exit code 13
debian/rules:7: recipe for target 'build' failed
make: *** [build] Error 25
dpkg-buildpackage: error: debian/rules build gave error exit status 2
Traceback (most recent call last):
File "setup.py", line 65, in <module>
('/usr/share/nautilus-python/extensions/', ['install/scripts/onionshare-nautilus.py'])
File "/usr/lib/python3.5/distutils/core.py", line 148, in setup
dist.run_commands()
File "/usr/lib/python3.5/distutils/dist.py", line 955, in run_commands
self.run_command(cmd)
File "/usr/lib/python3.5/distutils/dist.py", line 974, in run_command
cmd_obj.run()
File "/usr/lib/python3/dist-packages/stdeb/command/bdist_deb.py", line 48, in run
util.process_command(syscmd,cwd=target_dirs[0])
File "/usr/lib/python3/dist-packages/stdeb/util.py", line 183, in process_command
check_call(args, cwd=cwd)
File "/usr/lib/python3/dist-packages/stdeb/util.py", line 46, in check_call
raise CalledProcessError(retcode)
stdeb.util.CalledProcessError: 2
OnionShare failed to build!
```
**Note:** I then ran `git clean -fdx`, upgraded all Python 3.5 and 2.7 PyPI modules to their latest versions, and tried it with superuser (root) privileges, received the same result. There was no `.deb` created, though did we get part of the way in that some deb-src files exist. (see attachments)
[build_log.txt](https://github.com/micahflee/onionshare/files/1248286/build_log.txt)
[deb_dist.tar.gz](https://github.com/micahflee/onionshare/files/1248290/deb_dist.tar.gz)
3 Likes
iry
February 19, 2018, 6:37am
13
Tails is using the onionshare from sid:
cat config/chroot_apt/preferences:
Package: onionshare
Pin: release o=Debian,n=sid
Pin-Priority: 999
Is this a feature that is nice to have in Whonix? Or do we have any concern causing us not to adopt this approach ?
2 Likes
Patrick
February 19, 2018, 4:01pm
14
As far I know, Tails doesn’t support full upgrades. Only point release
Apt pinning is too complicated and must be avoided. Reasoning:
2 Likes
For those who would like to use or try onionshare…
After cloning Micah’s repository and building the package, there was an issue running it.
I don’t know which version of onionshare the .d onion-grater white list 40_onionshare.yml was written for, but with version 1.2 (as stated in the GUI), I had to add a line to the ADD_ONION command.
Mimicking NEW:BEST Port=
- pattern: 'NEW:RSA1024 Port=80,(176[0-5][0-9])'
replacement: 'NEW:RSA1024 Port=80,{client-address}:{} Flags=DiscardPK'
2 Likes
Patrick
February 25, 2018, 10:25pm
16
Btw for those who don’t know (information not connected here), instructions can be found here:
Next - Whonix
Thanks!
committed 10:23PM - 25 Feb 18 UTC
Thanks to @troubadour for the fix!
https://forums.whonix.org/t/feature-request-… onionshare-support
0.9.2 most likely.
1 Like
iry
April 25, 2018, 4:54am
18
It seems onionshare will land on stretch-backports but not stretch:
opened 06:32PM - 18 Feb 18 UTC
closed 10:25PM - 07 May 18 UTC
question
packaging
Hi @micahflee. Do you know why Debian stretch doesn't include onionshare? It sho… uld be readily supported as you guys' wiki says and its available for Buster and Jessie but I'm not seeing it in stretch :(
1 Like
A regression about showing the Whonix advice if onion-grater profile is not active yet in Whonix 15 / debian buster based.
opened 10:42AM - 10 Jan 17 UTC
closed 05:58PM - 04 May 21 UTC
enhancement
This is what will happen in Whonix 14, because one has to drop a control port fi… lter configuration snippet first to whitelist the Tor control protocol command required by onionshare.
Currently only a python exception is logged to the console which is not visible within the gui.
```
Onionshare 0.9.2 | https://onionshare.org/
* Running on http://127.0.0.1:17600/
Configuring onion service on port 17600.
Staring ephemeral Tor onion service and awaiting publication
Exception in thread Thread-2:
Traceback (most recent call last):
File "/usr/lib/python3.4/threading.py", line 920, in _bootstrap_inner
self.run()
File "/usr/lib/python3.4/threading.py", line 868, in run
self._target(*self._args, **self._kwargs)
File "/usr/lib/python3/dist-packages/onionshare_gui/__init__.py", line 177, in start_onion_service
self.app.start_onion_service()
File "/usr/lib/python3/dist-packages/onionshare/__init__.py", line 89, in start_onion_service
self.onion_host = self.onion.start(self.port)
File "/usr/lib/python3/dist-packages/onionshare/onion.py", line 252, in start
res = self.c.create_ephemeral_hidden_service({ 80: port }, await_publication=True)
File "/usr/lib/python3/dist-packages/stem/control.py", line 2860, in create_ephemeral_hidden_service
self.add_event_listener(hs_desc_listener, EventType.HS_DESC)
File "/usr/lib/python3/dist-packages/stem/control.py", line 3010, in add_event_listener
raise stem.ProtocolError('SETEVENTS rejected %s' % ', '.join(failed_events))
stem.ProtocolError: SETEVENTS rejected HS_DESC
```
If that happens and if Whonix is detected (check for existence of file /usr/share/anon-ws-base-files/workstation), could you please make onionshare an error popup such as the following?
```
ERROR
To make onionshare work in Whonix, please have a look at the Whonix onionshare documentation.
https://www.whonix.org/wiki/onionshare
```
More user-friendly wording suggestions very much welcome.
Added support for OnionShare in “bundled Tor” configuration which is the default in Debian buster version of OnionShare.
Installing onionshare issue on Whonix 14 "there was an error with Tor: SET EVENTS rejected HS_DESC" · Issue #829 · onionshare/onionshare · GitHub
This will come through Whonix 15 package upgrades at some point in future.
1 Like