Preserving changes to main config files across updates

@Patrick we’ve succeeded in getting privoxy to work with I2P but we must modify the original config files directly since it doesn’t seem to support .d style configuration. Is this considered a showstopper or can we use a workaround with inotify so that when detecting any changes to the main privoxy config (say after a pkg update), it would trigger a command that copies over our custom config and restarts the daemon?

2 Likes

HulaHoop:

Is this considered a showstopper

No.

can we use a workaround with inotify so that when detecting any
changes to the main privoxy config (say after a pkg update), it would
trigger a command that copies over our custom config and restarts the
daemon?

Very unclean and absolutely not required.

@Patrick we’ve succeeded in getting privoxy to work with I2P but we must modify the original config files directly since it doesn’t seem to support .d style configuration.

Use config-package-dev displace. Many examples in Whonix source code.

  ~/Whonix $ myfind . | grep displace
+ exec find . -type f -not -iwholename '*.git*'
...
./packages/anon-gw-anonymizer-config/debian/anon-gw-anonymizer-config.displace
./packages/anon-gw-anonymizer-config/debian/anon-gw-anonymizer-config.displace-extension
...

The full instructions in very short:

1 Like

What’s the small summary for using privoxy?

Translate socks to http?

Translate http to socks?

Redirect localhost to Whonix-Gateway?

Redirect .i2p to 127.0.0.1:4444

1 Like

@Patrick should I add .bit domains to privoxy for transparent redirection to zeronet?

1 Like

With socat or systemd-socket-proxyd we could only redirect all Tor Browser socks (or http?) connections to i2p?

You want to redirect .i2p only? You want to block clearnet in that browser?

I’m not sure what you mean by that.
We redirect (atm) .i2p (http) to 127.0.0.1:4444 and forward it with socat to the I2P Router on the Gateway.

Yes, .i2p and (depending on the user .bit/zeronet) and block all clearnet/tor traffic in that TBB

Goldstein:

I’m not sure what you mean by that

Could you use socat [1] to redirect the unix domain socket file
/var/run/anon-ws-disable-stacked-tor/127.0.0.1_9150.sock [2] [3],
which Tor Browser is talking to by default in Whonix, to i2p?

[1] (or systemd-socket-proxyd which is about the same - used in Whonix
14 instead of socat)
[2] export TOR_SOCKS_IPC_PATH="/var/run/anon-ws-disable-stacked-tor/127.0.0.1_9150.sock"
[3] https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/usr/lib/anon-ws-disable-stacked-tor/torbrowser.sh#L47
[4] environment variable already set in Whonix-Workstation by default

HulaHoop:

@Patrick should I add .bit domains to privoxy for transparent redirection to zeronet?

Ok. No strong opinion either way.

1 Like
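
The forwarding discussed in the thread (.i2p over HTTP to 127.0.0.1:4444, nothing else leaving that browser directly) can be checked after a package update with a small audit of Privoxy's `forward` lines. This is an added example, not code from any poster or from Whonix; the sample config is constructed, and it assumes only plain `forward` directives matter (blocking done in action files is not seen).

```python
# Added example: audit Privoxy "forward" rules for the .i2p setup in the thread.
# Assumption: only "forward <pattern> <parent>" lines are read, and patterns
# are "/" (everything), ".suffix" (domain and subdomains) or an exact host.

SAMPLE_CONFIG = """\
# constructed sample, not a Whonix file
listen-address 127.0.0.1:8118
forward / .
forward .i2p 127.0.0.1:4444
"""

def parse_forwards(text):
    """Return [(pattern, parent)] for every forward directive, in file order."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) == 3 and fields[0] == "forward":
            rules.append((fields[1], fields[2]))
    return rules

def matches(pattern, host):
    if pattern == "/":
        return True
    pattern, host = pattern.rstrip("/").lower(), host.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def route(rules, host):
    """Privoxy uses the LAST matching forward rule; "." means no parent (direct)."""
    parent = "."
    for pattern, candidate in rules:
        if matches(pattern, host):
            parent = candidate
    return parent

def audit(text, i2p_parent="127.0.0.1:4444"):
    """Return a list of findings; an empty list means the rules look as intended."""
    rules = parse_forwards(text)
    findings = []
    if route(rules, "example.i2p") != i2p_parent:
        findings.append(".i2p is not forwarded to " + i2p_parent)
    if route(rules, "example.com") == ".":
        findings.append("non-.i2p hosts have no parent proxy (sent direct)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Because the last matching rule wins, a catch-all `forward / .` placed after the `.i2p` line silently overrides it, which the audit reports as a missing .i2p forward.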