Tor 0.4.25 release how can we upgrade

New Tor blog post. When can we expect a Whonix upgrade to this version of Tor? Is it possible and safe to upgrade manually? There are some major bug fixes in this release.

Looks like it could be from source only. Is it possible to do that on Whonix? Any tutorials? Do we need to do anything specific to the old version installed?

Cloned my gateway for testing.

Downloaded 0.4.2.5 and cd into it.

Had to install libevent-dev, libssl-dev and zlib1g-dev.

Ran ./configure and make, followed by sudo make install.

Then ran tor --verify-config.

Response: 0.4.2.5, with a notice: configuration file /usr/local/etc/tor/torrc not present, using reasonable defaults.

Ran whonixcheck and it gives the following error:

tor exit code 1

When deb packages are available from https://deb.torproject.org, I will download them from there and upload to Whonix developers repository from which they will flow to other suites as per usual.

See also:

Nothing Whonix specific regarding installation from source. As per:

Thanks Pat, I know you work hard for this project.

I am trying to install this new version to test it out. A few very quick questions: do I need to uninstall the old Tor version first? I have managed to install the newest and verify finds it, but it produces the error above and whonixcheck won’t run.

Do I need to modify any files to point tor in the direction of the torrc file?

Thank you.

Updated Installing Newer Tor Versions just now. I was looking if we can find a suite there which has this version.

https://deb.torproject.org/torproject.org/dists/tor-experimental-0.4.2.x-buster/ currently has the following. Quote from https://deb.torproject.org/torproject.org/dists/tor-experimental-0.4.2.x-buster/main/binary-amd64/Packages:

Package: tor
Version: 0.4.2.4-rc-1~d10.buster+1

Even Debian has only 0.4.2.4-rc-1.

If you update a deb package there is usually no need to remove the existing deb. Debian’s dpkg/apt will handle this.

I don’t think so. Configuration file stays untouched. Otherwise apt would ask about it during upgrades.


Since there is no deb yet… The question is…

  • On Debian buster.
  • Existing Tor deb package installed.
  • AppArmor enabled.

How to upgrade tor from source code?

Since it’s not the Debian package I see potential causes for breakage:

  • different file paths
  • systemd unit file vs no systemd unit file (might lack that systemd hardening (seccomp))
  • apparmor (might lack that)

Really non-trivial. I don’t think anyone documented that ever.

“Really” removing the Debian tor package is hard. Due to technical limitations described here:

A hack to uninstall tor:

sudo dpkg --force-all --remove tor

More information: cloned the workstation and installed from source, and it worked on the workstation, kind of. Everything installed and my test forum hidden service was reachable. The only issue was that when I ran whonixcheck it could not tell if anything needed updating, and when I manually ran the update commands it said there was a key mismatch.

In the gateway I had to turn whonixcheck off.

Workstation doesn’t run Tor. Shouldn’t run Tor.
(anon-ws-disable-stacked-tor)
Only Tor Browser.

Unrelated whonix.org server issue which is now fixed.

Thanks Patrick, it’s time I deleted the cloned workstation and gateway and wait until Whonix releases this Tor version.

One final question, if I may, Patrick: on average, how long does it take the Whonix team to add a new Tor release once the packages have been added by the Tor Project?

How to install Tor from source code is now documented here:

Installing Newer Tor Versions

sys-whonix doesn’t seem to like Tor 4.2.5. Upon launch of sys-whonix you get this error:

ERROR: Tor Pid Check Result:
Tor not running. (tor_pid_message: Pid 903 is not running.)
You have to fix this error, before you can use Tor.
Please restart Tor after fixing this error.
dom0 → Start Menu → ServiceVM: sys-whonix → Restart Tor
or in Terminal:
sudo service tor@default restart
Restart whonixcheck after fixing this error.
dom0 → Start Menu → ServiceVM: sys-whonix → Whonix Check
or in Terminal:
whonixcheck

Restarting of Tor doesn’t fix the problem.

whonix-check:

[INFO] [whonixcheck] sys-whonix | Whonix-Gateway | whonix-gw-15 TemplateBased ProxyVM | Fri 20 Dec 2019 09:30:06 AM UTC
[ERROR] [whonixcheck] Tor Pid Check Result:
Tor not running. (tor_pid_message: Pid 3466 is not running.)

You have to fix this error, before you can use Tor.
Please restart Tor after fixing this error.
dom0 → Start Menu → ServiceVM: sys-whonix → Restart Tor
or in Terminal: sudo service tor@default restart
Restart whonixcheck after fixing this error.

dom0 → Start Menu → ServiceVM: sys-whonix → Whonix Check
or in Terminal: whonixcheck

anon-info:

INFO: version of the ‘tor’ package: 0.4.2.5-1~d10.buster+1

Attempt to run nyx:

Unable to connect to tor. Are you sure it’s running?

Config check looks okay:

/===================================================================
| Report Summary |
===================================================================/
No error detected in your Tor configuration.
Tor verify exit code: 0
/===================================================================
| Tor Full Report |
===================================================================/
Dec 20 09:18:08.338 [notice] Tor 0.4.2.5 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Dec 20 09:18:08.338 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at Tor Project | Download
Dec 20 09:18:08.338 [notice] Read configuration file “/usr/share/tor/tor-service-defaults-torrc”.
Dec 20 09:18:08.338 [notice] Read configuration file “/etc/tor/torrc”.
Dec 20 09:18:08.339 [notice] Included configuration file or directory at recursion level 2: “/usr/local/etc/torrc.d/40_tor_control_panel.conf”.
Dec 20 09:18:08.339 [notice] Included configuration file or directory at recursion level 2: “/usr/local/etc/torrc.d/50_user.conf”.
Dec 20 09:18:08.339 [notice] Included configuration file or directory at recursion level 1: “/etc/torrc.d/95_whonix.conf”.
Dec 20 09:18:08.339 [notice] You configured a non-loopback address ‘10.137.0.4:5300’ for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Dec 20 09:18:08.339 [notice] You configured a non-loopback address ‘10.137.0.4:9040’ for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Configuration was valid
/===================================================================
| Used Tor Configuration Files |
5 files are used as Tor configuration files:
/usr/share/tor/tor-service-defaults-torrc /etc/tor/torrc /etc/torrc.d/95_whonix.conf /usr/local/etc/torrc.d/40_tor_control_panel.conf /usr/local/etc/torrc.d/50_user.conf

Check Tor warnings with grep -i warn /var/run/tor/log :

Dec 20 09:21:10.686 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at Tor Project | Download

Check Tor errors with grep -i error /var/run/tor/log :

Nothing

sudo service tor@default status

tor@default.service - Anonymizing overlay network for TCP
Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/tor@default.service.d
└─30_qubes.conf, 40_obfs4proxy-workaround.conf, 40_qubes.conf, 50_controlsocket-workaround.conf
Active: reloading (reload) (Result: exit-code) since Fri 2019-12-20 09:21:11 UTC; 2min 25s ago
Process: 3040 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /run/tor (code=exited, status=0/SUCCESS)
Process: 3041 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config (code=exited, status=0/SUCCESS)
Process: 3042 ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 (code=exited, status=1/FAILURE)
Process: 3058 ExecStartPost=/bin/kill -HUP ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 3042 (code=exited, status=1/FAILURE)
Tasks: 0 (limit: 4666)
Memory: 1.2M
CGroup: /system.slice/system-tor.slice/tor@default.service

Dec 20 09:21:11 host Tor[3042]: You configured a non-loopback address ‘10.137.0.4:9225’ for HTTP TunnelPort. This allows everybody on your local network to use your machine as a proxy.
Dec 20 09:21:11 host Tor[3042]: You configured a non-loopback address ‘10.137.0.4:9226’ for HTTP TunnelPort. This allows everybody on your local network to use your machine as a proxy.
Dec 20 09:21:11 host Tor[3042]: You configured a non-loopback address ‘10.137.0.4:9227’ for HTTP TunnelPort. This allows everybody on your local network to use your machine as a proxy.
Dec 20 09:21:11 host Tor[3042]: You configured a non-loopback address ‘10.137.0.4:9228’ for HTTP TunnelPort. This allows everybody on your local network to use your machine as a proxy.
Dec 20 09:21:11 host Tor[3042]: You configured a non-loopback address ‘10.137.0.4:9229’ for HTTP TunnelPort. This allows everybody on your local network to use your machine as a proxy.
Dec 20 09:21:11 host Tor[3042]: Opening Socks listener on /run/tor/socks
Dec 20 09:21:11 host Tor[3042]: Opened Socks listener on /run/tor/socks
Dec 20 09:21:11 host Tor[3042]: Opening Control listener on /run/tor/control
Dec 20 09:21:11 host Tor[3042]: Opened Control listener on /run/tor/control
Dec 20 09:21:11 host systemd[1]: tor@default.service: Main process exited, code=exited, status=1/FAILURE

Reload Tor with sudo service tor@default restart

Check status → same error as above.

So I guess something is wrong with tor-service-defaults-torrc with this new version? Tor v4.1.6 works perfectly…

Any idea?

1 Like

I can’t reproduce this.

tor 0.4.2.5-1~d10.buster+1 is now in Whonix testers repository.

Easy to replicate - it is caused by Sandbox 1 in the tor config file.

Remove that → 4.2.5 works
Don’t remove it → Tor consistently fails to start

Maybe it is yet another sandbox bug in Tor code (?) e.g. previous ones:

Maybe nobody is running the sandbox much in Qubes-Whonix or those doing testing, but I doubt it.

1 Like
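
Added example (not part of the thread, and not Whonix or Tor Project code): a small shell helper for the diagnosis above, reporting which torrc file leaves Sandbox 1 in effect across a chain of included files. The sample files are constructed, and the helper assumes that the last Sandbox line, in the order Tor reads the files, is the one Tor uses.

```shell
#!/bin/sh
# Added example: locate the torrc line that leaves "Sandbox 1" in effect.
# Assumption: for a single-valued option the last occurrence, in the order
# Tor reads the files, is the one used. Pass the files in that read order.

# last_sandbox_setting FILE...  -> prints "file:line:value", or nothing
last_sandbox_setting() {
    last=""
    for f in "$@"; do
        [ -r "$f" ] || continue          # skip files that do not exist
        # Strip comments; option names in torrc are case-insensitive.
        hit=$(awk '{ sub(/#.*/, "") }
                   tolower($1) == "sandbox" && NF >= 2 { h = FNR ":" $2 }
                   END { if (h != "") print h }' "$f")
        if [ -n "$hit" ]; then last="$f:$hit"; fi
    done
    if [ -n "$last" ]; then printf '%s\n' "$last"; fi
}

# sandbox_enabled FILE...  -> exit status 0 when the effective value is 1
sandbox_enabled() {
    case "$(last_sandbox_setting "$@")" in
        *:1) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed sample files (not the thread's real configuration).
demo_dir=$(mktemp -d)
printf '%s\n' 'DataDirectory /var/lib/tor' > "$demo_dir/tor-service-defaults-torrc"
printf '%s\n' '# Sandbox 1' 'DisableNetwork 0' > "$demo_dir/40_tor_control_panel.conf"
printf '%s\n' '# user settings' 'sandbox 1   # seccomp sandbox' > "$demo_dir/50_user.conf"
printf '%s\n' 'TransPort 10.137.0.4:9040' > "$demo_dir/95_whonix.conf"

# Run the lookup over the constructed chain, including one missing file.
demo_chain() {
    last_sandbox_setting \
        "$demo_dir/tor-service-defaults-torrc" \
        "$demo_dir/40_tor_control_panel.conf" \
        "$demo_dir/50_user.conf" \
        "$demo_dir/95_whonix.conf" \
        "$demo_dir/missing.conf"
}

demo_chain
```

On a real gateway the arguments would be the files listed under "Used Tor Configuration Files" in the report earlier in the thread.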

Maybe it is yet another sandbox bug in Tor code (?) e.g. previous ones:

Very possible.

Maybe nobody is running the sandbox much in Qubes-Whonix or those doing testin

Also very possible.