Tor controller GUI (tor-control-panel)

troubadour · July 8, 2018, 8:18pm

Some screenshots.

Screenshot_1

Screenshot_7

Screenshot_4

For Whonix 14 only, all virtualizers.

Installation instructions.
In whonix-gw-14 for Qubes, in Whonix-Gateway for VirtualBox or KVM.

Install the software for building the package

sudo apt-get install git genmkfile ruby-ronn debhelper build-essential python3-ipy

Get the package
Qubes users:
To be able to get the package from github, full networking has to be allowed in the template.
In whonix-gw-14 --> Qubes Settings --> Networking, select sys-whonix instead of (none).
This setup should be temporary, as it is recommended against allowing networking in Qubes
templates.
Revert to (none) after installation.

All users:
In /home/user/:
```
git clone https://github.com/troubadoour/tor-control-panel.git
```
Install the package
```
cd tor-control-panel
make deb-icup
```

The package should be installed.

Qubes users should shutdown the template and restart sys-whonix, After refreshing the applications
in Qubes Settings, the program can be run from Start Menu --> sys-whonix --> tor-control-panel

Other users should be able to run it from Start Menu --> Applications --> tor-control-panel.

Alternatively, in a sys-whonix or Whonix-Gateway terminal, run:

kdesudo tor-control-panel &

HulaHoop · July 9, 2018, 1:26am

Fantastiche. Great layout and pleasant looking. Please also notify upstream to get more hands to help also potentially a GSoC grant?

torjunkie · July 10, 2018, 8:21am

A beautiful thing - well done. I’ll borrow your screenshots for the wiki, with attribution. Cheers

Patrick · July 11, 2018, 10:11am

Could you please add the license header to all the python files?

Then I can build and upload this very soon to Whonix repository to simplify installation.

//cc @iry

iry · July 11, 2018, 11:05am

Awesome work, @troubadour !

This looks really fantastic!

I find a minor bug when testing: When Tor is stopped and we hit the “New Identity” button, the tor-control-panel will crash

This is because new identity try to use the Tor control socket /var/run/tor/control which is missing when Tor is stopped.

Solution could be either:

Disable New Identity button when Tor is stopped.
Or let tor-control-panel never use systemd to stop Tor. Instead, we can use: self.tor_controller.set_conf('DisableNetwork', '1') to control Tor. In this way, since Tor is actually running (just not speaking to the Tor network), /var/run/tor/control should always be available.

I personally prefer the second solution as Tor controller ought to speak with Tor control socket. What do you think?

Patrick · July 11, 2018, 11:21am

Except when ti’s not. For example due to user misconfiguration and Tor failing to start. So crashing when it’s not available is bad.

iry · July 11, 2018, 11:30am

I agreed!

troubadour · July 11, 2018, 9:45pm

Done.

Good catch.

But after Patrick’s comment and my own blurred understanding of what DisableNetwork 1 is exactly achieving, I chose the first solution. The newnym button is disabled if Tor is not running.

BTW, thanks for the work with snowflake. It was ported right away in tor-control-panel. Not sure it should be left at this time. It could be disabled until Tor Browser 9 becomes stable.

iry · July 12, 2018, 5:50am

Yes! It should be disabled until we make snowflake-client available in Whonix-Gateway. We don’t have to wait until Tor Browser 9 to become stable, I just need to somehow get it into Whonox-Gateway.

Patrick · July 12, 2018, 7:37am

Minor: man page needs author.

There is a diff between:

Could you please have a look if there are any enhancements from ACW that should be forward ported to tor-control-panel?

Patrick · July 12, 2018, 8:00am

Testing this on plain Debian.

tor-control-panel 
Traceback (most recent call last):
  File "/usr/bin/tor-control-panel", line 3, in <module>
    from tor_control_panel import tor_control_panel
  File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 15, in <module>
    from . import tor_status, tor_bootstrap, torrc_gen, info
  File "/usr/lib/python3/dist-packages/tor_control_panel/tor_status.py", line 9, in <module>
    from anon_connection_wizard import repair_torrc
ImportError: No module named 'anon_connection_wizard'

So we either need to depend on ACW, merge that ACW code into tor-control-panel or move that code into anon-shared-helper-scripts (if that makes sense) and depend on that.

tor-control-panel 
QLayout: Attempting to add QLayout "" to QFrame "", which already has a layout
tail: cannot open '/var/run/tor/log' for reading: No such file or directory
Traceback (most recent call last):
  File "/usr/bin/tor-control-panel", line 4, in <module>
    tor_control_panel.main()
  File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 743, in main
    tor_controller.refresh(True)
  File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 709, in refresh
    self.refresh_user_configuration()
  File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 664, in refresh_user_configuration
    self.bridges_type.setText(args[0])
TypeError: 'NoneType' object is not subscriptable

Patrick · July 12, 2018, 8:06am

Testing in Whonix. Starting as non-root.

tor-control-panel
QLayout: Attempting to add QLayout "" to QFrame "", which already has a layout
NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 587, in configure
    torrc_gen.gen_torrc(args)
  File "/usr/lib/python3/dist-packages/tor_control_panel/torrc_gen.py", line 66, in gen_torrc
    with open(torrc_file_path, "w") as f:
PermissionError: [Errno 13] Permission denied: '/usr/local/etc/torrc.d/40_anon_connection_wizard.conf'
Aborted

Could you please mimic ACW?

anon-connection-wizard
ERROR: This must be run as root!
Use "kdesudo".

troubadour · July 16, 2018, 8:06pm

A batch of commits.

Minor:

merge “fix lintian warnings”
check if run as root
author in man page

The last one should fix some bigger issues.

https://github.com/troubadoour/tor-control-panel/commit/48274e81a650ab115e26dcb29a32ea3d1a104612

@iry Could you review ?

The package does not longer depends on ACW.

tor-control-panel is running in plain Debian. Still having a problem with Tor log. There is no /run/tor/log neither /var/tor/log. The log output should probably be set to a file in torrc (Log notice err File somefile). Had no time test further.

Patrick · July 17, 2018, 5:54am

Debian’s Tor default log:

/usr/share/tor/tor-service-defaults-torrc

Log notice file /var/log/tor/log

But user user cannot access it due to access rights.

This is a problem:

torrc_file_path = '/etc/torrc.d/40_tor_control_panel.conf'

When ACW created /etc/torrc.d/40_anon_connection_wizard.conf earlier, these settings will conflict with each other. So perhaps just stick with /etc/torrc.d/40_anon_connection_wizard.conf?

That brings us to a related point. What is the future of ACW? We’ll still need it at first boot? So let’s just put the code for enabling/disabling Tor / bridges into anon-shared-helper-scripts package?

Patrick · July 17, 2018, 5:59am

Or perhaps easier: we merge ACW into tor-control-panel?

Patrick · July 19, 2018, 2:34pm

tor-control-panel uploaded to all stretch repositories.

Patrick · July 19, 2018, 2:44pm

https://github.com/Whonix/tor-control-panel/commit/fb5417956b22fb0e642f9b77763e1db60d1cfd50

Patrick · July 19, 2018, 2:53pm

https://github.com/Whonix/tor-control-panel/commit/8691ea5af7f3d322f9ccf2eb185188009fe364f9

troubadour · July 19, 2018, 4:32pm

I was ready to change this, because it seems to be conflicting with anon-gw-anonymizer-config.

Changed the path in the others files.

https://github.com/troubadoour/tor-control-panel/commit/33bbb9398686b7c1ae187a561b20ab9fdd08c602

troubadour · July 27, 2018, 2:49pm

A couple of commits.