whonix git repository onionized

Opening this ticket on support because I am not sure it is development, as nothing is planned.

Could Whonix.org host an onion git repository?
I guess the answer is yes, but it is currently not hosted because of hosting cost? Because I saw an issue about deleting git history on gitlab just to not exceed the free limit.

When would this be useful?

  • well, if using gitlab, could see issues and pull requests, although the current policy states to discuss issues on this forum
  • so the other clear answer is gitolite or gitea for just browsing the source code

Why? Just to browse the code?

  • No, I would like to make anonymous commits and whonix repos not connected to nyxnor. Although the git structure needs to keep a history of who made the commits, this still sounds a better idea for not depending on github or gitlab.
  • Sometimes just exploring the code without having to clone the repo, saving bandwidth.

Related:

1 Like

The hosting costs for traffic and server are marginal. Not the issue here at all.

The real cost of hosting any webapps is initial installation, long term maintenance and also user support.

For example for phabricator.whonix.org there’s now the issue how to get rid of it since deprecated upstream.

You’d think if major orgs such as facebook and wikipedia are using phabricator it should have a bright future, not going away but apparently not so.

Maintaining self-hosted installations of mediawiki, discourse forums, phabricator, (previously mailman and update hell wordpress), whonix.org mailer has cost tons of maintenance hours. There’s webapp upgrades, upgrade issues, broken databases, backup and restoration. Most webapps don’t support multiple domain names such as whonix.org and Whonix onion. Most webapps expect 1. Not two domain names with the same content. TLS clearnet vs non-TLS onion. Sometimes this can be done with complex web server configs.

So I am wary of self-hosting new webapps.

1 Like

I am glad that whonix manages to not redirect to clearnet if using onion, because not even TPO does that on their main website even after many requests.

But TPO gitlab does not redirect to clearnet
http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/team
as well as cgit
http://gzgme7ov25seqjbphab4fkcph3jkobfwwpivt5kzbv3kqx2y2qttl4yd.onion/tor.git/

All links from the webpage are using the same onion domain, just the links written as code or markdown obviously don’t change (stay in clear).

There’s webapp upgrades, upgrade issues, broken databases, backup and restoration.

This feels more like human resources problem of maintaining an operating system self-host installation with few contributors.

Most webapps don’t support multiple domain names such as whonix.org and Whonix onion. Most webapps expect 1. Not two domain names with the same content. TLS clearnet vs non-TLS onion.

Dunno how TPO does their gitlab server configs but it seems to work. Does not seem to be something difficult, url rewriting or something like that, just using 2 virtual hosts.

They also seem to have an automatic push system to sync their different git repos on gitlab, gitweb and github. So not having to do manual work.

So I am wary of self-hosting new webapps.

Indeed something that can not be easily fixed because:

  • in the end, you are the one who will be hosting
  • even if there are contributors, the contribution is limited due to server access

But among the other whonix services, git seems to be the easiest as it is very simple compared to hosting forums and wiki.

The real cost of hosting any webapps is initial installation, long term maintenance and also user support.

  • initial installation + configuration
  • long term maintenance
    • I hope the maintenance is minimal with simple git server, not aware, haven’t hosted any
  • user support
    • how can one contribute to whonix anonymously? What if they want to fix something, but for whatever reason they can’t use their github profile to not link to their identity
    • whonix repos seem very quiet for the number of repos. Also because of the issue policy. But anyway, most people are using the software rather than building the tools, and git will always be for developers, although it would still be accessible for whoever wants to use it
1 Like

As for onion domain…

…I am not sure that has that much of a benefit because in the end it’s all hosted on the same commercial server.

And they have exponentially more funding and paid full time staff.

Yes.

I guess gitlab only and no gitweb would be sufficient for simplicity. TPO might not setup gitweb nowadays since they have gitlab now (port from trac to gitlab happened later). gitweb in case of TPO might be legacy.

Yes. And even if contributed, Whonix has existed for 10 years now. Most contributors don’t stick around indefinitely. So for a lot of contributed stuff, it’s now on me to keep maintaining it.

Yeah. I was wondering about that. If there was a lot of oversight and contributions to the server config, it would also be interesting to have the server config fully public in git.

But since for most repositories that’s not happening (unspecific to Whonix, projects have 1 or very few maintainers with occasional contributors but very few keeping maximum scrutiny), I kept it private for better security (through obscurity).

Most projects don’t publish their server config.

  1. Anonymously git clone from github or github.
  2. Benefit from git’s decentralized nature. Git push the git branch to any repository anywhere.

Does that work?

Creating anonymous github or gitlab accounts is optional.

Creating github / gitlab pull requests is even more optional. It looks nice but a git branch anywhere and notification here is equally good for all important purposes.

Issue policy?

Perhaps try to host mediawiki or gitlab. clearnet + onion + perhaps even local for testing purposes to see if that’s your thing? Then we perhaps can proceed here…

Good question.

I’d have to Open Source parts or even most of Whonix server config. Lots of goodies there. Same config hosts whonix.org as well as kicksecure.com thanks to a search/replace script. (Using similar webapps, mediawiki, discourse.) It’s all static config files in a local debian package with as little scripting as possible.

Lots of stuff implemented such as suggestions from hardenize.com, ssllabs.com test, securityheaders.com. (Privacy Policy Technical Details - Kicksecure)

The Open Sourcing process would probably best be step by step. Then you’d locally reproduce it (setting up alternative onion, same webapps, clearnet somewhat optional). Perhaps report/fix issues, document stuff so the process gets easier for others later on.

Once the existing setup becomes clear, it might be possible to contribute new stuff.

1 Like

…I am not sure that has that much of a benefit because in the end it’s all hosted on the same commercial server.

If the server takes your sites down, it also can take down your onions, so in case your sites are attacked, is there an established way to receive information about it?

  • Social media → not everybody, also third-party
  • Github canary → third-party and also not related to canary goal

But since for most repositories that’s not happening (unspecific to Whonix, projects have 1 or very few maintainers with occasional contributors but very few keeping maximum scrutiny), I kept it private for better security (through obscurity).

I see. I am not a webserver expert but leaving a public site with open source webserver config is different than making an operating system open source. But in the same way the server can be exploited by opensourcing it, it can also be hardened by more people looking at it, so more feedback.

  • Anonymously git clone from github or github.
  • Benefit from git’s decentralized nature. Git push the git branch to any repository anywhere.

Does that work?

I don’t think so because I still would need an account on github to push the code. Also, would not be possible to sync with my remote repo, as I wouldn’t have one, just local repos. Also need the github ssh authorization code, requiring a github account.
Or I am not familiar with pushing to git without having a remote repo and account.

Also, github is third-party, does not have an onion and does not want to have (issue opened since ages by a TPO worker, couldn’t find it now)

Another reason is that some people are away from some projects because they don’t want to link their github accounts with whonix code, for whatever reason.

Issue policy?

To open issue on the forum, not on the remote git repository.

Perhaps try to host mediawiki or gitlab. clearnet + onion + perhaps even local for testing purposes to see if that’s your thing? Then we perhaps can proceed here…

I guess this is an educated no haha. I would rather host an onion git once I have time to setup one also.

The Open Sourcing process would probably best be step by step. Then you’d locally reproduce it (setting up alternative onion, same webapps, clearnet somewhat optional). Perhaps report/fix issues, document stuff so the process gets easier for others later on.

It would be great to see what the configs look like. I saw the thread with mig5 helping harden those headers, but in the end, not knowing exactly what was done does not help others implement on their own webservers.

Btw packages by Whonix might have low activity because they might not be well known. Packages might not be well known because there’s no nice interface to present them. In the future hopefully this might help:
packages.debian.org APT package repository web interface for deb.whonix.org

Yes.

An interesting problem I’ve been wondering for a long time but I don’t think anyone solved it.

Whonix Warrant Canary

Even official Whonix news aren’t read. Still lots of duplicate questions. Related:

No. Pushing a git branch doesn’t require github or gitlab. Just because Whonix has accounts at github and gitlab that doesn’t mean contribution needs an account at either service.

Any git repository anywhere on the clearnet or onion would be acceptable. Either at a third party host. Let’s say an account at https://savannah.gnu.org/ or sourceforge.net could be used to host a git branch.

I could easily git remote add a repository which someone has pushed to savannah or sourceforge and wouldn’t need an account there myself. What I would do is an anonymous clone.

Even self-hosting an onion with gitlab, gitweb or anything else git compatible would be OK.

That’s what I meant with git is decentralized.

(Maybe related: Hosting Location Hidden Services - Whonix)

Last but not least, git is compatible with “e-mail”. Patches can be (and regularly are, for other projects) sent by e-mail. But even e-mail is optional. Plain text submission anywhere such as forums should suffice. A local git branch (anonymous clone from git(hub/lab) without account) is sufficient. With the help of git-format-patch a text file can be created which could very most likely even be pasted here in this forum. That text file could be copied/pasted and applied in a local branch for review and then merged.

As for security, we shouldn’t rely on either TLS or onion anyhow. Not even on any servers. Whonix’s source code wouldn’t be compromised if all servers currently hosting it were malicious. That’s because I have a local copy on my local disk. For security, the important thing is to sign git commits and to verify git commits before merging.

As for users git cloning a repository it’s best for security to verify git commit signatures. (That’s documented in Whonix images build documentation as well as Whonix package build documentation.)

Currently if TLS or github/gitlab was ever compromised that would be caught when gpg verifying the git commit after git clone/fetch.

Currently Whonix onions suffer from the same issue as other onions hosted on a (commercial) server. Once the server is compromised, the attacker can impersonate the onion. There’s no onion domain hierarchical seed phrase (similar to cryptocurrencies) which can be used to spawn any number of onions from and there’s no revocation mechanism either.

TLS is standard. onion is kind of a “gimmick”. gpg is still the gold standard for git since that transcends all man-in-the-middle attacks (assuming previous secure transfer for gpg fingerprint and correct gpg usage). Related:

Does onion still seem important?

To git push you most likely need an account. But it doesn’t need to be at github or gitlab. Any third party or self-hosted git would work. (If self-hosted it might even be possible without account.)

Any remote repo could easily fetch from Whonix github/gitlab.

  1. Anonymously git clone Whonix github/gitlab…
  2. git push to third-party git server (clearnet, onion, third-party or self-hosted)
    Could probably be easily scripted.
    If gitlab based, gitlab as far as I know has a feature to auto-mirror.

For that, it’s always useful to have a separate (Whonix) VM with separate e-mail account and Whonix forum, github, gitlab or anything accounts.

For sure.
Very, very few projects publish their server config.

Btw mig5 worked under contract. Filled the gap that was left when fortasse the previous server maintainer stepped down. Other than that…

…nobody ever commented on any server related stuff which was Open Sourced back then.
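The clone-anywhere, push-anywhere workflow described in the post above (anonymous clone, a branch pushed to any host the contributor likes, the maintainer fetching it by URL without an account, and the "could be easily scripted" mirror to a second server), as an added example that is not part of this thread and not Whonix's own tooling. Bare repositories on local disk stand in for GitHub/GitLab, for the contributor's host and for a self-hosted mirror; the author identity, file names, branch names and commit messages are constructed, and the script assumes only a working `git` and `mktemp`:

```shell
#!/bin/sh
# Added example (not from the thread): git's decentralized workflow, simulated
# on local disk. Bare repositories stand in for the real hosts:
#   upstream.git    - the project's public github/gitlab repo (read-only for us)
#   contributor.git - any host the contributor can push to (savannah, an onion, ...)
#   mirror.git      - a second server receiving a scripted mirror of upstream
# Nothing here needs an account anywhere.
set -eu

WORK="${WORK:-$(mktemp -d)}"
# Constructed identity so commits work without a global git config.
export GIT_AUTHOR_NAME=example GIT_AUTHOR_EMAIL=example@localhost
export GIT_COMMITTER_NAME=example GIT_COMMITTER_EMAIL=example@localhost

# The project: one commit on main in the bare "public" repo.
setup_upstream() {
    git init -q --bare "$WORK/upstream.git"
    git -C "$WORK/upstream.git" symbolic-ref HEAD refs/heads/main
    git clone -q "$WORK/upstream.git" "$WORK/maintainer"
    ( cd "$WORK/maintainer" &&
      git symbolic-ref HEAD refs/heads/main &&
      printf 'echo hello\n' > tool.sh &&
      git add tool.sh &&
      git commit -q -m "initial import" &&
      git push -q origin main )
}

# Contributor: anonymous (read-only) clone of upstream, a fix on a branch,
# pushed to a repository of their own. A forum post saying "<url> <branch>"
# is all the maintainer needs.
contributor_publish() {
    git init -q --bare "$WORK/contributor.git"
    git clone -q "$WORK/upstream.git" "$WORK/contributor"
    ( cd "$WORK/contributor" &&
      git checkout -q -b fix-quoting &&
      printf 'echo "hello"\n' > tool.sh &&
      git commit -q -am "tool.sh: quote the echo argument" &&
      git push -q "$WORK/contributor.git" fix-quoting )
    echo "$WORK/contributor.git fix-quoting"
}

# Maintainer: add the contributor's repo as a remote (fetching needs no
# account), look at what the branch adds relative to main, then merge.
maintainer_merge() {
    url=$1 branch=$2
    ( cd "$WORK/maintainer" &&
      git remote add contrib "$url" &&
      git fetch -q contrib "$branch" &&
      git log --oneline "main..contrib/$branch" &&
      git diff --stat "main...contrib/$branch" &&
      git merge -q --ff-only "contrib/$branch" &&
      git push -q origin main )
}

# The scripted mirror: anonymous clone of the public repo, then every ref
# pushed to another server, e.g. a self-hosted onion.
mirror_upstream() {
    git init -q --bare "$WORK/mirror.git"
    git clone -q --mirror "$WORK/upstream.git" "$WORK/mirror-work"
    git -C "$WORK/mirror-work" push -q --mirror "$WORK/mirror.git"
}

# Subject line of a branch's tip commit in a repository (used for the checks).
tip_subject() { git -C "$1" log -1 --format=%s "$2"; }

setup_upstream
set -- $(contributor_publish)
maintainer_merge "$1" "$2"
mirror_upstream
echo "upstream main: $(tip_subject "$WORK/upstream.git" main)"
echo "mirror main:   $(tip_subject "$WORK/mirror.git" main)"
```

Replace the three local paths with real URLs (the public mirror, the contributor's own repository, the onion mirror) and the commands are unchanged; `git remote add` plus `git fetch` on the maintainer's side is the whole "account-free" review step, and `git clone --mirror` followed by `git push --mirror` is the one-liner a cron job would run to keep an onion copy in sync.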

Probably, I get lost on Whonix · GitHub because browsing through there requires me to click on each repo and explore the files or a short readme before understanding what it is about. This is ok for few repos, but after that it becomes more difficult to get a grasp, so a presentation would be nice.

git-format-patch

Learned that now. I am not a programmer, just doing things out of fun, so pardon these questions.

Does onion still seem important?

Related to project surviving a third-party hosting attack, not anymore. GPG would suffice.

But just for the record, if in the future there is ever a whonix git repo, then yes, onion would be important.

…nobody ever commented on any server related stuff which was Open Sourced back then.

: (

1 Like

https://about.0xacab.org/

by riseup.net offers free git (GitLab) hosting and they also have an onion domain.

http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion

1 Like