Enable / Disable Tor, which may set the future of Anon Connection Wizard.
get torrc path from a single place · troubadoour/tor-control-panel@9049a82 · GitHub
Did you change back to (hardcoded) path /etc/torrc.d/40_tor_control_panel.conf by mistake?
    if not log_exists:
        with open('/usr/share/tor/tor-service-defaults-torrc', 'a') as f:
            f.write('Log notice file /var/log/tor/log\n')
This makes the package unfit for inclusion into packages.debian.org.
If we need a guaranteed setting Log notice file /var/log/tor/log then we could add it to torrc_text.
No, 40_tor_control_panel.conf is used in non-Whonix distributions.
Yes, I forgot that /usr/share/tor/tor-service-defaults-torrc belongs to Tor.
Tested in plain Debian, OK.
A couple of cosmetic commits, too.
Regarding tor-control-panel vs anon-connection-wizard, I modified whonix-setup-wizard to run the former if torrc does not exist or if the Tor network is disabled.
In either case, tor-control-panel is started on reboot, with instructions on how to enable the network. If torrc does not exist, the template being created by anon-gw-anonymiser-config without the DisableNetwork line, the user should also enable the network (first boot configuration, I believe).
I find it problematic to use different config file names in Whonix vs non-Whonix. This makes documentation needlessly more complex. If we want to change the name of the config file, why not just use the same config name everywhere?
Could you please make it consistently use 40_tor_control_panel.conf everywhere? Then I will add code to GitHub - Kicksecure/legacy-dist: Prepare older Build Versions of Whonix for Upgrade to migrate to the new config file name.
'''repair_torrc() function will be called when we want to guarantee the existence of:
1. /etc/torrc.d/95_whonix.conf
2. /etc/tor/torrc
3. "%include /etc/torrc.d/95_whonix.conf" line in /etc/tor/torrc file
In addition, we create 40_anon_connection_wizard.conf
and 50_user.conf here if they do not exist.
'''
So in simple words repair_torrc() is a helper function, safe to call at any time.
But on the other hand torrc_text contains DisableNetwork 0 which enables networking which leads to connecting to the public Tor network. That's a bug?
troubadour:
Regarding tor-control-panel vs anon-connection-wizard, I modified whonix-setup-wizard to run the former if torrc does not exist or if the Tor network is disabled.
That indicates that anon-connection-wizard still gets run in some cases?
Did you push that commit? Didn't find it.
In either case, tor-control-panel is started on reboot, with instructions on how to enable the network. If torrc does not exist, the template being created by anon-gw-anonymiser-config without the DisableNetwork line, the user should also enable the network (first boot configuration, I believe).
Yes, using tor-control-panel (or anon-connection-wizard depending on how we move forward) will be very popular but we won't make it a hard dependency. Users are still able to do everything manually. Would be very unclean otherwise.
No, only manually as far as it was tested.
I was just about to do it, but there is a discrepancy between the installed whonix-setup-wizard and the one cloned from Whonix. A diff excerpt:
- self.im_checkbox = QtWidgets.QCheckBox(self.group)
+ self.kbd_checkbox = QtWidgets.QCheckBox(self.group)
Done here.
Related to the new torrc path: on booting, regardless of /etc/torrc.d state, 95_whonix.conf is created with a %include /usr/local/etc/torrc.d/40_anon_connection_wizard.conf line before tor-control-panel is run. Just wondering where it comes from (bind-dirs ?). No change after disabling anon-gw-anonymizer-config service in whonix-gw-14.
Yes and no. It was in the pipeline. I guess users in Debian or other should expect to connect directly to the public Tor network, without performing the Enable network step required in Whonix.
troubadour:
Related to the new torrc path: on booting, regardless of /etc/torrc.d state, 95_whonix.conf is created with a %include /usr/local/etc/torrc.d/40_anon_connection_wizard.conf line before tor-control-panel is run. Just wondering where it comes from (bind-dirs ?). No change after disabling anon-gw-anonymizer-config service in whonix-gw-14.
- https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/lib/systemd/system/anon-gw-anonymizer-config.service
- https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/usr/lib/anon-gw-anonymizer-config/make-sure-torrc-exist
- https://github.com/Whonix/anon-gw-anonymizer-config/blob/master/usr/share/anon-gw-anonymizer-config/anon_connection_wizard_torrc_template.conf
- anon-gw-anonymizer-config/usr/share/anon-gw-anonymizer-config/user_torrc_template.conf at master · Whonix/anon-gw-anonymizer-config · GitHub
Yes and no. It was in the pipeline. I guess users in Debian or other should expect to connect directly to the public Tor network, without performing the Enable network step required in Whonix.
They will. This is the case in Debian anyhow. Debian doesn't have anon-gw-anonymizer-config installed by default. Therefore no custom anon-gw-anonymizer-config/usr/share/tor/tor-service-defaults-torrc.anondist at master · Whonix/anon-gw-anonymizer-config · GitHub which sets Whonix's custom Torrc setting DisableNetwork 1.
In other words Debian's default is DisableNetwork 0 anyhow. (That setting is Tor's default so Debian's default config has no need to set DisableNetwork 0 explicitly.)
No need to change DisableNetwork setting in tor-control-panel in Debian unless we want to disable Tor.
Related:
Adapt Tor installer to allow users to avoid connecting to the public tor network
    if not whonix:
        torrc_text = (torrc_text +
                      'DisableNetwork 0\n' +
                      'Log notice file /var/log/tor/log\n')
There is no need for either one.
- DisableNetwork 0 as explained above.
- No need for Log notice file /var/log/tor/log either since /usr/share/tor/tor-service-defaults-torrc by Debian default contains Log notice file /var/log/tor/log already anyhow.
additional /var/run/tor/log default log
(This is for Debian.)
If running in Whonix, why not use /var/run/tor/log by default? Better since more relevant/up to date information?
If not running in Whonix, fall back to be using /var/log/tor/log if/until additional /var/run/tor/log default log (#16821) · Issues · Legacy / Trac · GitLab gets implemented by Debian.
Btw tor-control-panel doesn't crash if that file doesn't exist either?
Could you please adapt analogous to above commit?
Fixed mime type.
No, there is just no Tor log.
Makes sense. Done, along with the HTML log file /var/run/tor/html-log (it was written to /home/user).
In Debian Tor 3.3.9, there is only Log notice syslog in tor-service-defaults-torrc. According to additional /var/run/tor/log default log (#16821) · Issues · Legacy / Trac · GitLab, this is not likely to change. Using /var/run/tor/log in Debian too.
Also, we have to set the torrc files before tor-control-panel is run for the first time after installation. The easiest solution I found is to install tor-control-panel's own anonymizer-config, a clone of anon-gw-anonymizer-config just running repair_torrc. This should be required in Whonix too, as anon-gw-anonymizer-config guarantees torrc for anon-connection-wizard only.
Thanks for the clarification. I was misled because tor-control-panel was checking Tor status enabled only, implying that a DisableNetwork line exists. A crude fix that may have to be refined.
Do we need any Log notice file anyhow? Can't we read from syslog? Using journalctl -u or some python lib?
- ExecStart=/usr/lib/other-anonymizer-config/torrc-parser path may be wrong for packages.debian.org. Should be tor-control-panel.
- Same for systemd unit file name.
- A systemd unit modifying config files in /etc may be unacceptable by packages.debian.org.
- torrc-parser - well, it doesn't really parse anything. It's more like make-sure-torrc-exists.
Would be best/easiest if anon-connection-wizard used the same config file names as tor-control-gui?
anon-gw-anonymizer-config should be updated to the new config file name.
All merged.
Since we don't use any command line options…
(And if we were using command line options we should still avoid asterisk * and list each of them.)
Bug on Debian:
kdesudo tor-control-panel
kdesudo(24116) KDESu::KDESuPrivate::KCookie::getXCookie: No X authentication info set for display ":0"
QLayout: Attempting to add QLayout "" to QFrame "", which already has a layout
tail: cannot open '/var/run/tor/log' for reading: No such file or directory
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/tor_control_panel/tor_control_panel.py", line 637, in refresh_logs
    with open(self.tor_log_html, 'w') as fw:
FileNotFoundError: [Errno 2] No such file or directory: '/var/run/tor/html-log'
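
Added example, not part of the thread and not tor-control-panel's own code: one way a log refresh can tolerate both a missing Tor log and a missing output directory, the two conditions in the traceback above. The function name mirrors the traceback; its signature, the `max_lines` parameter, the HTML layout and the escaping of log text are assumptions.

```python
import html
import os
import tempfile
from pathlib import Path


def refresh_logs(tor_log, html_log, max_lines=200):
    """Render the tail of tor_log into html_log.

    Returns the number of log lines written, or None when there is no Tor
    log to show (the case that raised FileNotFoundError in the report above).
    """
    tor_log, html_log = Path(tor_log), Path(html_log)
    try:
        with open(tor_log, "r", errors="replace") as fr:
            lines = fr.readlines()[-max_lines:]
    except FileNotFoundError:
        return None  # Tor has not written a log yet; nothing to render

    # The output directory may not exist either (e.g. /var/run/tor is absent).
    html_log.parent.mkdir(mode=0o700, parents=True, exist_ok=True)

    # Write to a private temp file (mkstemp creates it 0600), then rename,
    # so a reader never sees a half-written file.
    fd, tmp = tempfile.mkstemp(dir=html_log.parent, prefix=".html-log.")
    try:
        with os.fdopen(fd, "w") as fw:
            fw.write("<pre>\n")
            for line in lines:
                # Escape log text so it is displayed, never interpreted as markup.
                fw.write(html.escape(line.rstrip("\n")) + "\n")
            fw.write("</pre>\n")
        os.replace(tmp, html_log)
    except BaseException:
        os.unlink(tmp)
        raise
    return len(lines)


if __name__ == "__main__":
    # Constructed sample paths in a scratch directory, not the real /var/run/tor.
    root = Path(tempfile.mkdtemp())
    print(refresh_logs(root / "log", root / "out" / "html-log"))
    (root / "log").write_text("Bootstrapped 100%: Done\n")
    print(refresh_logs(root / "log", root / "out" / "html-log"))
```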