issue is socat on Whonix, it does not occurs on debian.
report here https://github.com/nyxnor/tor-ctrl/issues/9#issuecomment-1013928468
commit here to change dependency s/socat/netcat-openbsd/ debian/control
netcat will be found before socat as the script was designed tor-ctrl/tor-ctrl at ab8f9d2b86f84bdc82402112f5bbe282df43e36e · nyxnor/tor-ctrl · GitHub
This seems difficult to debug and fix. Could be an issue with socat and/or onion-grater.
https://github.com/Whonix/anon-gw-anonymizer-config/issues/18
Would you be interested to take-over maintenance of anon-verify and anon-info? These tools seem quite useful outside of Whonix.
(Ideally these could be renamed. Would making migrating them from Whonix anon-gw-anonymizer-config to another package easier packaging wise. Always hard if another package takes over a file with the exact same file path. In Whonix, I’d add compatibility symlinks.)
Note: Adding tor to project names may or may not be an issue: Reference:
Or tor-ctrl getting a more generic name to allow other utilities being added?
Would you be interested to take-over maintenance of anon-verify and anon-info? These tools seem quite useful outside of Whonix.
Anon-verify is great and even though there is a debian file dep on that systemd service, it can be ignored.
Anon-info is just for debian systems, the installation of it can be optional
Before I can say it can be added to tor-ctrl, why it should be merge the interaction of tor conroller with scripts to verify the torrc and print debian sources.
I would be much more inclined to add anon-verify to vitor, as it is related to modifying tor configuration files.
anon-verify is too good to not be on upstream tor package, I don’t blame you for not submitting issues upstream as your account is blocked on gitlab.torproject.org.
Or tor-ctrl getting a more generic name to allow other utilities being added?
suggestions? it is the interaction directly with the tor’s controller, the scripts related to that will need to have a similar name. The repository and therefore the package name can be more generic.
I just like the tor- because it makes easier to find tor related packages
tor tor-ctrl-circuit tor-gencert tor-prompt
tor-circuit-established-check tor-ctrl-onion torify tor-resolve
tor-ctrl tor-ctrl-stream tor-print-ed-signing-cert torsocks
latest script tor-ctrl-onion helps:
creating a service has two detach methods, from detaching to not detaching.
the controller only accept keys in base64, while the configuration files can be in base32, so the issue above guides to convert keys from one to another (test before trusting, I’ve done by hand.)
Sure.
I don’t like anon- prefix instead of tor- prefix myself. Just couldn’t come up with a better idea, though. It’s not really whonix- specific either.
tor- obviously the most convenient, best and easiest to discover naming prefix but I don’t know if trademark issues could become an issue. (The Tor Project Trademark versus TorBOX / Whonix)
According to Tor Project | Trademark
Can I use the word “Tor” as part of the name of my product or my domain name?
Please don’t use Tor in your product name or domain name. Instead, find a name that will accurately identify your products or services. Remember that our goal is to make sure that people aren’t confused about whether your product or project is made or endorsed by The Tor Project. Creating a new brand that incorporates the Tor brand is likely to lead to confusion, and commercial confusion is a sign of trademark infringement.
The Tor Project feature request:
Move tor-ctrl from deprecated section to currently used.
I tried editing the wiki, but couldn’t find how to edit the whole page in a stance, would need to make two separate edits apparently.
Note: Vidalia and tor-ctrl have been deprecated and are no longer packaged in Debian.
Deprecated
I was thinking of using tor-ctrl SETEVENTS GUARD but figuring out exactly what to do on what events would require a lot of testing.
TPO does not document that on purpose, not only how to react to guards, but how to interact with the controller. They don’t teach you how to that for whatever reason they restrict people who has spent hours reading the code to make the interaction with the controller works. The specs control.spec.txt does not works for this because it doesn’t teach what the tor events means, it is just sent and up to you to decide.
For GUARDS reaction, there is GitHub - mikeperry-tor/vanguards: Vanguards help guard you from getting vanned..., but the debian package is almost 3 years old now.
Would be good to document all the guards important events.
Raspberry Pi TorBox log_check_config.py and log_check.py is an event based reaction to tor logs, it can restart tor or drop guards. The same could be done with the controller.
I was thinking, if we could aggregate enough info on tor guards, circuits events, we could take a better action towards a better connection.
BTW, on my experience, if I see guards problem for a long time that couldn’t make a connection even after restarting tor, I send the command tor-ctrl DROPGUARDS, to change guards. They seem to want to remove this option and I am not advising anyone to use it, just saying. If one day, they remove dropguards commands, it would still be possible to change guards by deleting some files on DataDirectory.
The Tor Project feature request:
Already posted here on the correct thread:
That is very much OK. We’re accepting even 10 tiny edits each just fixing a single letter typo. There aren’t requirements such as “pretty git history” or “good edit comment”.
For tor-ctrl-observe I was even wondering about creating a dedicated wiki page. Anything appropriate to maximize usefulness for users.
Great!
Yeah. Ideally would be nicely documented. Soon tor-ctrl will be pre-installed. I forgot adding it in this point release but it’s done already in git.
There is a arrow down symbol. Called “supermenu”.
Direct link to edit all just in case not easy to find:
https://www.whonix.org/w/index.php?title=Tor%20Controller&action=edit
Please let me know if there are other wiki edit questions.
Would simplify Manual Rotation of Tor Guards.
Thanks, found the supermenu.
For tor-ctrl-observe I was even wondering about creating a dedicated wiki page. Anything appropriate to maximize usefulness for users.
Made the edit but yet, it feels like needing a separate wiki page.
tor-ctrl should probably have an onion-grater profile if anyone wants to create services from the Workstation.
Different than onionshare, target ports are not limited, so don’t know how to limit the profile with this.
I don’t have any reason to limit target port, it is ok for onionshare as it is designed around a one click installation and the server is configured for you. But for tor-ctrl, you probably will configure your server and you need to specify the target address that will be listened to by the webserver.
A general tor-ctrl profile would be difficult. In that case, one could also set onion-grater to complain mode which lets through everything.
I don’t see the use case yet. Adding onion services isn’t a frequent task?
Anyhow. This would be contributions welcome. Not trivial to implement but easy on my side, it 1 more example profile in the onion-grater-merger examples folder.
Created an empty tor-ctrl-observer - Tor Connection Destination Viewer just now. (The page name can certainly be modified/moved if there are better suggestions.)
I was looking tor command line tools and found carml.
It is very nice the monitor command, the log messages are easy to read not raw, even though you can still see raw with events command.
Carml is built upon txtorcon, both by Meejah.
Unfortunately carml does not have a debian package, but txtorcon the library has, so possible that in the feature he provides pushes it to debian.org.
interesting commands:
Much better than tor-ctrl of course in terms of user friendliness, interpreting events, has a whole library.
Not available on deb.debian.org so one would need to maintain the package. Has some dependencies not available on debian repos such as ansicolors.
It is a great tool and I hope it becomes available on debian soon, but it it on version 21.1.0, so maybe there is something blocking.