Yes, probably. Have pushed a few commits in tor-control-panel.
Left with an issue in sdwdate-gui-qubes when /var/run/tor/
is deleted.
Yes, probably. Have pushed a few commits in tor-control-panel.
Left with an issue in sdwdate-gui-qubes when /var/run/tor/
is deleted.
All merged.
Btw also all readmeās of all packages updated.
Radically simplified.
(using generic readme developer-meta-files/README_generic.md at master Ā· Kicksecure/developer-meta-files Ā· GitHub)
Thatās a good question. I keep wondering. Often I try to foresee what would happen on disk errors where parts of the files donāt exist.
Maybe not situations created by developers but created by users.
An onion-grater corner case is that it fails to start if networking does not come up (due to some unidentified update bug). Then even if networking gets manually restarted, the system still doesnāt work and no hint to restart onion-grater. So ideally onion-grater could gracefully handle non-existing network and wait for it.
Not great but ok. Could instruct user to do something (start tor-control-panel, if installed, on gateway).
The refusal to start is very much worth fixing. We rely on it as a diagnosis tool. While it doesnāt have to be able to fix all things that users can mess up, itās good if it at least hints whats wrong.
However we probably should not go as far as fixing a system where the user deleted /usr/share/tor/tor-service-defaults-torrc
in Whonix.
Was done a couple fo days ago.
Sorry I did not describe the commits.
Probably overkill. But if we had the template, that would be a matter of copying a file.
A logic fix.
tor_is_enabled = tor_status.tor_status() == ātor_enabledā and not
tor_status.tor_status() == āmissing_disablenetwork_lineā
tor_status.tor_status() just returns one keyword. Or could it be
ātor_enabledā and at the same time āmissing_disablenetwork_lineā?
I doubt it can be āmissing_disablenetwork_lineā and ātor_enabledā at the
same time? So I donāt understand that logic anyhow.
Yes, the logic is flawed, again.
There is an easy fix, just returning tor_disabled
if the DisableNetwork
line is missing. Or there is moreā¦
tor_status.py
does not parse all the files in /etc/torrc.d. If a line DisableNetwork 1
is written in the userās torrc file (why not ?), we have no way to know it. Tor, sdwdate and whonixcheck will be aware though.
Also, if the line is commented, tor_status.py
cannot parse it either. However, anon-connection-wizard can deal with the commented line on reboot, because it rewrites torrc in anon-connection-wizard.py
Because anon-gw-anonymizer-config/torrc.anondist at master Ā· Whonix/anon-gw-anonymizer-config Ā· GitHub only uses /etc/torrc.d/95_whonix.conf which only uses:
%include /usr/local/etc/torrc.d/40_tor_control_panel.conf
%include /usr/local/etc/torrc.d/50_user.conf
Weāre not really using whole torrd.d. Why? Because torrc.d/*.conf
isnāt implemented yet (Tor Project ticket exists- Parse only .torrc files in torrc.d directory (#25140) Ā· Issues Ā· Legacy / Trac Ā· GitLab). Without only parsing *.conf
files with appendix like ~
(graphical editor backup files) and .dpkg-old
would also be parsed leading to unexpected behavior.
So the ideal way would be āsame way like Tor doesā. From the Tor startup command, to tor-service-defaults-torrc, to /etc/tor/torrrc and always evaluating the %include
statements.
Bash pull request in progress.
//cc @iry
It should be done in
I created files containing DisableNetwork 1
with any appendix (.anything or .conf.anything) in torrc.d. glob
parses only .conf
files.
It is a big commit, some changes in torrc/torrc.d path in several files.
In the maze, I have commented this part:
### start Tor
#command = 'systemctl --no-pager restart tor@default'
#tor_status_code = call(command, shell=True)
#if tor_status_code != 0:
#return 'cannot_connect', tor_status_code
### we have to reload to open /var/run/tor/control and create /var/run/tor/control.authcookie
#command = 'systemctl reload tor@default.service'
#tor_status_code = call(command, shell=True)
#command = 'systemctl --no-pager status tor@default'
#tor_status_code= call(command, shell=True)
#if tor_status_code != 0:
#return 'cannot_connect', tor_status_code
#return 'tor_enabled', tor_status_code
tor-control-panel
is restarting Tor after any action, and it looks like that today we do not have to reload Tor after enabling the network. Tested after reboot.
Forget the last commit. Will revert. I was carried away in coding, without reading closely enough.
On the other hand, do we have to wait for https://trac.torproject.org/projects/tor/ticket/25140 to implemented .conf parsing only? Isnāt it the default extension for the .d mechanism?
In https://github.com/Whonix/anon-shared-helper-scripts/pull/3#issuecomment-377913469, you wrote
Parsing only *.conf rather than * is very important (and an easy code change) indeed.
Thatās what I believe too. The last commit in tor-control-panel just implements that.
But we have to parse .conf in tor_enabled_check
, or whonixcheck will complain if a file with a ~
or whichever extension exist in torrc.d.
The real thing
, parsing as Tor does, would have to be done in a new python script, as you suggest.
Yes.
Unfortunately not. Torās %include
parses everything.
Qubes Debian VM. Detects Tor disabled if it is not.
cat /etc/tor/torrc /etc/torrc.d/40_tor_control_panel.conf /etc/torrc.d/50_user.conf
.
%include /etc/torrc.d/40_tor_control_panel.conf
%include /etc/torrc.d/50_user.conf
# Do not edit this file!
# Please add modifications to the following file instead:
# /etc/torrc.d/50_user.conf
Log notice file /var/run/tor/log
# Tor user specific configuration file
#
# Add user modifications below this line:
############################################
The network is disabled.
A line DisableNetwork 1 exists in torrc
The network can be enabled with:
Tor controller cannot be constructed.This is very likely because you have a "DisableNetwork 1" line in some torrc file(s). Please manually remove or comment those lines and then run anon-connection-wizard or restart Tor.
"DisableNetwork 1
doesnāt lead to Tor control socket unavailable.
We donāt have snowflake / /usr/bin/snowflake-client in Whonix. Doesnāt work for me. Did this ever work? Should be removed if broken.
meek: does any meek still work or should be removed? //cc @iry
It works as long as we extract the snowflake executable from TBB to /usr/bin/snowflake-client
. However, snowflake is never packaged into Debian. I guess we can leave it here and wait for snowflake getting into Whonix or Debian?
I am not offended by keeping inactive code in. On the contrary, if it
helps, I am a big fan of it. Even if others by convention donāt like that.
The problem is that when users try this the snowflake option, itās
broken. Tor fails to start due to the missing binary. So itās a
usability bug.
I guess we can leave it here and wait for snowflake getting into
Whonix or Debian?
Whonix: Not realistic at this point. In theory we could slightly modify
tb-updater and download TBB to Whonix-Gateway and keep it updated but no
manpower to implement.
I see! This can be easily fixed, we simply hide this option from user:
This is tor-control-panel thread. So tor-control-panel issue. Didnāt notice this is an ACW issue as well.
I guess the tor-control-panel vs ACW issue will be sorted once the code is merged and reused/shared.
Hide snowfalke optoin from user Ā· irykoon/anon-connection-wizard@6f2ce2f Ā· GitHub merge not easy. Could you please merge Whonix/master or rebase on Whonix/master beforehand?
I did a pull request just now: Support new Pluggable Transport Snowflake by irykoon Ā· Pull Request #22 Ā· Kicksecure/anon-connection-wizard Ā· GitHub
It was really crashing on any bridge selection in āConfigureā.
Will have to disable snowflake option too, until a solution is found.
Wow, glad to see youāre back! Thanks for the commit, merged!