Yes, probably. Have pushed a few commits in tor-control-panel.
Left with an issue in sdwdate-gui-qubes when /var/run/tor/ is deleted.
1 Like
All merged.
Btw also all readmeās of all packages updated.
Radically simplified.
(using generic readme developer-meta-files/README_generic.md at master Ā· Kicksecure/developer-meta-files Ā· GitHub)
Thatās a good question. I keep wondering. Often I try to foresee what would happen on disk errors where parts of the files donāt exist.
Maybe not situations created by developers but created by users.
An onion-grater corner case is that it fails to start if networking does not come up (due to some unidentified update bug). Then even if networking gets manually restarted, the system still doesnāt work and no hint to restart onion-grater. So ideally onion-grater could gracefully handle non-existing network and wait for it.
Not great but ok. Could instruct user to do something (start tor-control-panel, if installed, on gateway).
The refusal to start is very much worth fixing. We rely on it as a diagnosis tool. While it doesnāt have to be able to fix all things that users can mess up, itās good if it at least hints whats wrong.
However we probably should not go as far as fixing a system where the user deleted /usr/share/tor/tor-service-defaults-torrc in Whonix. 
Was done a couple fo days ago.
Sorry I did not describe the commits.
Probably overkill. But if we had the template, that would be a matter of copying a file.
A logic fix.
1 Like
tor_is_enabled = tor_status.tor_status() == ātor_enabledā and not
tor_status.tor_status() == āmissing_disablenetwork_lineā
tor_status.tor_status() just returns one keyword. Or could it be
ātor_enabledā and at the same time āmissing_disablenetwork_lineā?
I doubt it can be āmissing_disablenetwork_lineā and ātor_enabledā at the
same time? So I donāt understand that logic anyhow.
Yes, the logic is flawed, again.
There is an easy fix, just returning tor_disabled if the DisableNetwork line is missing. Or there is moreā¦
tor_status.py does not parse all the files in /etc/torrc.d. If a line DisableNetwork 1 is written in the userās torrc file (why not ?), we have no way to know it. Tor, sdwdate and whonixcheck will be aware though.
Also, if the line is commented, tor_status.py cannot parse it either. However, anon-connection-wizard can deal with the commented line on reboot, because it rewrites torrc in anon-connection-wizard.py
1 Like
Because anon-gw-anonymizer-config/torrc.anondist at master Ā· Whonix/anon-gw-anonymizer-config Ā· GitHub only uses /etc/torrc.d/95_whonix.conf which only uses:
%include /usr/local/etc/torrc.d/40_tor_control_panel.conf
%include /usr/local/etc/torrc.d/50_user.conf
Weāre not really using whole torrd.d. Why? Because torrc.d/*.conf isnāt implemented yet (Tor Project ticket exists- Parse only .torrc files in torrc.d directory (#25140) Ā· Issues Ā· Legacy / Trac Ā· GitLab). Without only parsing *.conf files with appendix like ~ (graphical editor backup files) and .dpkg-old would also be parsed leading to unexpected behavior.
So the ideal way would be āsame way like Tor doesā. From the Tor startup command, to tor-service-defaults-torrc, to /etc/tor/torrrc and always evaluating the %include statements.
Bash pull request in progress.
//cc @iry
It should be done in
I created files containing DisableNetwork 1 with any appendix (.anything or .conf.anything) in torrc.d. glob parses only .conf files.
It is a big commit, some changes in torrc/torrc.d path in several files.
In the maze, I have commented this part:
### start Tor
#command = 'systemctl --no-pager restart tor@default'
#tor_status_code = call(command, shell=True)
#if tor_status_code != 0:
#return 'cannot_connect', tor_status_code
### we have to reload to open /var/run/tor/control and create /var/run/tor/control.authcookie
#command = 'systemctl reload tor@default.service'
#tor_status_code = call(command, shell=True)
#command = 'systemctl --no-pager status tor@default'
#tor_status_code= call(command, shell=True)
#if tor_status_code != 0:
#return 'cannot_connect', tor_status_code
#return 'tor_enabled', tor_status_code
tor-control-panel is restarting Tor after any action, and it looks like that today we do not have to reload Tor after enabling the network. Tested after reboot.
1 Like
Forget the last commit. Will revert. I was carried away in coding, without reading closely enough.
1 Like
On the other hand, do we have to wait for https://trac.torproject.org/projects/tor/ticket/25140 to implemented .conf parsing only? Isnāt it the default extension for the .d mechanism?
In https://github.com/Whonix/anon-shared-helper-scripts/pull/3#issuecomment-377913469, you wrote
Parsing only *.conf rather than * is very important (and an easy code change) indeed.
Thatās what I believe too. The last commit in tor-control-panel just implements that.
But we have to parse .conf in tor_enabled_check, or whonixcheck will complain if a file with a ~ or whichever extension exist in torrc.d.
The real thing, parsing as Tor does, would have to be done in a new python script, as you suggest.
1 Like
Yes.
Unfortunately not. Torās %include parses everything.
Qubes Debian VM. Detects Tor disabled if it is not.
cat /etc/tor/torrc /etc/torrc.d/40_tor_control_panel.conf /etc/torrc.d/50_user.conf
.
%include /etc/torrc.d/40_tor_control_panel.conf
%include /etc/torrc.d/50_user.conf
# Do not edit this file!
# Please add modifications to the following file instead:
# /etc/torrc.d/50_user.conf
Log notice file /var/run/tor/log
# Tor user specific configuration file
#
# Add user modifications below this line:
############################################
The network is disabled.
A line DisableNetwork 1 exists in torrc
The network can be enabled with:
Tor controller cannot be constructed.This is very likely because you have a "DisableNetwork 1" line in some torrc file(s). Please manually remove or comment those lines and then run anon-connection-wizard or restart Tor.
"DisableNetwork 1 doesnāt lead to Tor control socket unavailable.
We donāt have snowflake / /usr/bin/snowflake-client in Whonix. Doesnāt work for me. Did this ever work? Should be removed if broken.
meek: does any meek still work or should be removed? //cc @iry
1 Like
It works as long as we extract the snowflake executable from TBB to /usr/bin/snowflake-client. However, snowflake is never packaged into Debian. I guess we can leave it here and wait for snowflake getting into Whonix or Debian?
I am not offended by keeping inactive code in. On the contrary, if it
helps, I am a big fan of it. Even if others by convention donāt like that.
The problem is that when users try this the snowflake option, itās
broken. Tor fails to start due to the missing binary. So itās a
usability bug.
I guess we can leave it here and wait for snowflake getting into
Whonix or Debian?
Whonix: Not realistic at this point. In theory we could slightly modify
tb-updater and download TBB to Whonix-Gateway and keep it updated but no
manpower to implement.
1 Like
I see! This can be easily fixed, we simply hide this option from user:
2 Likes
This is tor-control-panel thread. So tor-control-panel issue. Didnāt notice this is an ACW issue as well.
I guess the tor-control-panel vs ACW issue will be sorted once the code is merged and reused/shared.
Hide snowfalke optoin from user Ā· irykoon/anon-connection-wizard@6f2ce2f Ā· GitHub merge not easy. Could you please merge Whonix/master or rebase on Whonix/master beforehand?
1 Like
I did a pull request just now: Support new Pluggable Transport Snowflake by irykoon Ā· Pull Request #22 Ā· Kicksecure/anon-connection-wizard Ā· GitHub
3 Likes
It was really crashing on any bridge selection in āConfigureā.
Will have to disable snowflake option too, until a solution is found.
2 Likes
Wow, glad to see youāre back! Thanks for the commit, merged! 
2 Likes