Whonix Wiki Download Docs News Support Tips Issues Contribute DONATE

torbirdy replacement

Also in stable-proposed-updates Whonix repository for a few days now.

2 Likes

How can I download the thunderbird package with torbirdy from the Whonix repository?

This is available in all Whonix repositories.

Quote Whonix / Kicksecure 15.0.1.4.8 - for VirtualBox - Point Release!

Thunderbird protocol level leak prevention. Replacement for what previously was done by torbirdy. See torbirdy deprecated - replacement required . Ported from Tails to anon-apps-config. Credits: Thanks to Tails for the torbirdy replacement. Thanks @HulaHoop for the port to anon-apps-config.

I at first posted this into the support section - but I don’t need support for this and as the wiki points for reports to the forum in general and I’m not sure about usual practice, I decided to repost it here, as it seems related.

The standard Thunderbird network configuration 127.0.0.1:9102 should be redirected by anon-ws-disable-stacked-tor to 10.152.152.10:9102, but it isn’t in 15.0.1.4.9.libvirt for me.

UWT_DEV_PASSTHROUGH=1 curl 127.0.0.1:9102 responds with curl: (7) Failed to connect to 127.0.0.1 port 9102: Connection refused

No file for the 9102 port in /lib/systemd/system/ gets created.

So Thunderbird doesn’t work with the pre-configured settings. Setting it to 10.152.152.10 obviously ‘fixes’ it. As the redirection got added in this thread, I thought it might be relevant.

If you deem my current other problems causing this (Flushing iptables once, else no connection), then please feel free to delete/ignore this post.

1 Like

No it’s its own problem. I’ve seen reports about it on Twitter. @Patrick is there a better option that disabling this option altogether? I’d prefer getting stream isolation sorted out for it if possible.

1 Like

Temporary fix which users can run inside Whonix-Workstation:

sudo /usr/lib/anon-ws-disable-stacked-tor/systemd-unit-files-generator

Package fix will come later through upgrades:

2 Likes

Is this file still useful/required? @HulaHoop (since you originally added that)

(Came up due to [Resolved] Thunderbird mail.server.server1.check_new_mail Preference Locked in Whonix Workstations)

I think he just kanged it from https://gitlab.tails.boum.org/tails/tails/-/commits/stable/config/chroot_local-includes/usr/lib/thunderbird/thunderbird.cfg.

Commit log says @intrigeri on the Tails gitlab wrote that. Maybe ask him?

EDIT: Linked the relevant file

Tails still has config/chroot_local-includes/usr/lib/thunderbird/thunderbird.cfg · master · tails / tails · GitLab

Unlikely that someone from Whonix will do this. So if you don’t do it, most likely won’t happen.

1 Like

Yes it is the setting that forces TB to use local drafts folders instead of those on the server. It’s an important privacy setting.

But the enigmail settings can be removed?

I need to see all of the thunderbird related configs. The repo search functions seem to have been messed up by MS lately. Then I have to see what the new options are for similar encryption settings set by Tails.

1 Like

OK figured out all the changes needed and will commit soon.

Note that
/etc/thunderbird/pref/30_whonix.js may also be obsolete?

1 Like

Note for self: all TB files are in this package:

1 Like

Usability impact only:

/usr/lib/thunderbird/thunderbird.cfg was lacking

pref(“mailnews.start_page.enabled”, false);

but config/chroot_local-includes/usr/lib/thunderbird/thunderbird.cfg · stable · tails / tails · GitLab has it

Was this on purpose?

Added just now.

Yeah.

pref(“extensions.torbirdy.gpg_already_torified”, true);

Since torbirdy was deprecated, is no longer installed and torbirdy isn’t to be found in about:config we can be confident that it can be removed.

Best to remove the setting (minor cleanup) but keep the rest of the file just in case for the future?

Yes it was because it is already in the master settings file /etc/thunderbird/pref/40_thunderbird.js

I added this before they did

1 Like

You mean you want this file dedicated to encryption settings? I think it is more work and redundancy since everything is just dumped in the main file. If you want to keep the comments around as a reference, just go ahead and move them in

/etc/thunderbird/pref/40_thunderbird.js

under one of the native encryption prefs

1 Like

No, I didn’t mean that.

Yes. Just a file without settings. Comments only for further use.
Might be needed because Debian pushes major updates to Thunderbird (and Firefox) even in Debian stable.

Done.