When you run dispatch_x once, you already get two popups. The real one on top. Please move it elsewhere. You. With your mice. Just to see it. Not with programming. Just to look what I mean. Then you'll see that there is a second popup below the real popup. The second one should get rid of. I can make a screenshot if necessary.Yes, there is a second popup, but only under the whonixcheck popup.Could you please check it's the same for you? I have spent a couple of hours already trying to solve this mystery, continuing...
I don’t think this has anything to do with whonixcheck.
We can luckily (and should always be able to) test msgdispatcher_dispatch_x without mentioning whonixcheck.
No bug.
Bug.
Conclusion, somehow the 0 / 1 (lefttop) causes this.
Conclusion, somehow the 0 / 1 (lefttop) causes this.
Definitely. I might have to rethink the whole script, because the normal behavior is to show the small popup below the message. It’s the parent window, and in order to move it anywhere, I have to call the ‘.show()’ method. But if I modify the script
if str(sys.argv[4]) == "0":
self.move(0, 0)
self.show(0
elif str(sys.argv[4]) == "1":
self.move(0, 0)
self.show()it’s still not showing with lefttop 0.
Just to say that sometimes something apparently dead simple can become awfully tricky :-[
I’m afraid that, for the moment, we have to live with the small window below the whonixcheck popup.
I have tried with pygtk and tkinter, it is worse. The window width is fixed to a narrow size for both and it’s impossible to move a message box, it’s at the center of the screen by default.
The problem: a message box is not an app, it has to be called from it. For whonixcheck, I have to show the app window for moving it to the left top. It I hide just after show-move, it goes back to the center.
By contrast, first_use_notice is an application in itself and then can be moved to any position on the desktop. i could try to put the messages in a similar window, but there is the problem of the variable size and the info/warning/error icon. It’s probably possible with some non standard work.
Ok.
Another unrelated question, is there in python something like xtrace (aka "verbose show me all commands as you run them) (aka “bash -x scriptname”) or what do you recommend to step through a python script (onionshare)?
Another unrelated question, is there in python something like xtrace (aka "verbose show me all commands as you run them) (aka "bash -x scriptname") or what do you recommend to step through a python script (onionshare)?There is a small utility at https://pypi.python.org/pypi/xtrace. It should be the equivalent "bash -x scriptname" that I've never used. The problem is that it's a download, no signature or checksum with it.
For debugging, I use PuDB. It is a simple console debugger. You can set breakpoints, run to them, step into the code… just run “pudb <script_name>”. It’s available at Debian (python-pudb).
I have pushed a new msgdispatcher_dispatch_x on github.
This one has no small window beneath the GUI. I’m trying to make it more versatile. For the moment there is a (perhaps) interesting feature that could be implemented. If we change the text format from ‘PlainText’ to ‘RichText’ (line 33 in the script), the text can be formatted with standard HTML marks:
for paragraphs,for line breaks. for bold and so on.
I have tested it, it looks nice when you want to highlight something (like the heartbleed bug, for example). If you want to go for it, I would have to modify the calculation of the vertical size.
New push. I had left a line from some of my tests that would prevent the script from working.
[quote=“troubadour, post:27, topic:246”]This one has no small window beneath the GUI. I’m trying to make it more versatile. For the moment there is a (perhaps) interesting feature that could be implemented. If we change the text format from ‘PlainText’ to ‘RichText’ (line 33 in the script), the text can be formatted with standard HTML marks:
for paragraphs,for line breaks. for bold and so on.
I have tested it, it looks nice when you want to highlight something (like the heartbleed bug, for example). If you want to go for it, I would have to modify the calculation of the vertical size.[/quote]
Sounds very interesting! Especially clickable hyperlinks would be interesting!
But we have to be careful. Let’s keep in mind, that msgcollector might receive untrusted input. IP addresses (from check.torproject.org) and whonix news should be thought of as untrusted input. This means, one day some text could be specially prepared. Having some extra “
…” to do something malicious.
We must make sure, that no text that dispatch_x is getting will be executed as python commands. (In other words, strictly handle the input as string.)
Malformed input, such as “ … </b” (missing trailing “>”) should not result in a python error and not showing any message window at all.
Could you point me to the documentation of that rich text format please? If it is robust against malformed input and does not contain anything too fancy, we can use it.
But we have to be careful. Let's keep in mind, that msgcollector might receive untrusted input. IP addresses (from check.torproject.org) and whonix news should be thought of as untrusted input. This means, one day some text could be specially prepared. Having some extra "I am looking at how to create hyperlinks in a dialog. From a first glance, it's not straightforward (nothing is in Qt :( ). As for malicious input, I'm still too fresh to be able to comment...." to do something malicious.
We must make sure, that no text that dispatch_x is getting will be executed as python commands. (In other words, strictly handle the input as string.)Qt is dealing with the text, and Python should not be affected.
Malformed input, such as " ... ") should not result in a python error and not showing any message window at all.From my numerous tests, malformed HTML tags will only scramble the message.
Calling the script from another python script may lead to problems, though. To take care of the spaces, you have to embrace the text between double and single quotes, otherwise each word would be parsed as an argument. If there is any quote in the message, it will raise an error. It" ’ "s not a problem when calling from a shell script.
The documentation on the rich text format is here: https://qt-project.org/doc/qt-5/richtext-html-subset.html. Just let me know if we go forward with it.
Pushed a new flavor of msgdispatcher_dispatch_x.
Whatever the length of the message, the GUI window cannot be taller than the available vertical desktop space. Whenever the limit is reached, the text becomes scrollable. I was annoyed when the window was popping outside the boundaries of the screen with the lower part of the text and the OK button hidden (and alt+F4 to close). so I consider it a good improvement.
I fixed a bug coming from my test version. My msgdispatcher was modified. It should work now.
Testing with the rich text format. The links in the message can be clicked open in a new Tor browser instance, after a Whonix warning “your activities might get linked”.
This is not pushed, it’s in my local version.
Yes? No?
Yes.
(Sorry I missed that question.)
I am curious to try with richtext support.
You know whonixcheck colors in terminal… Maybe we can make something similar for whonixcheck in X?
Could you write a python script, that removes all richtext/html tags from a string? Difficult? Probably not? Probably there is a python function for this?
whonixcheck could use the untrusted input and run strip_richhtml (or so) and strip_richhtml would echo it with all tags stripped.
You know whonixcheck colors in terminal... Maybe we can make something similar for whonixcheck in X?That would be nice. It must be possible, we'll see...
Rich text in the whonixcheck result window is nice too.
Could you write a python script, that removes all richtext/html tags from a string? Difficult? Probably not? Probably there is a python function for this?Yes, there is.
whonixcheck could use the untrusted input and run strip_richhtml (or so) and strip_richhtml would echo it with all tags stripped.So, if i understand correctly, we would rewrite all the 'local MSG=' in the /usr/lib/whonixcheck scripts with HTML tags. Then strip them for the concole: [code] if [ ! "$apt_get_exit_code" = "0" ]; then local MSG="
Debian Package Update Check Result: Could not check for software updates! (apt-get code: $apt_get_exit_code) Please manually check: (Open a terminal, Start menu -> Applications -> System -> Terminal.) sudo apt-get update && sudo apt-get dist-upgrade
" $output ${output_opts[@]} --messagex --typex "warning" --titlex "$TITLE" --message "$MSG" local MSGcli=stripHTML("$MSG") ## something like that. $output ${output_opts[@]} --messagecli --typecli "warning" --titlecli "$TITLE" --message "$MSGcli" return 0 fi [/code] or can we do it in msgdispatcher, in the "while true" loop?or can we do it in msgdispatcher, in the "while true" loop?I didn't have exactly this in mind, but we can do this. Anyway. Good idea. So we don't have to write different messages in whonixcheck for CLI and X, if only the rich tags would differ.
The part of code I had in mind:
https://github.com/Whonix/whonixcheck/blob/master/usr/lib/whonixcheck/check_tor_socks_or_trans_port#L183
Variable $ip is untrusted input coming from check.torproject.org. Running it through striphtml would be much more robust.
Once there is the striphtml we can easily do both.
[quote] or can we do it in msgdispatcher, in the "while true" loop? [/quote] I didn't have exactly this in mind, but we can do this. Anyway. Good idea. So we don't have to write different messages in whonixcheck for CLI and X, if only the rich tags would differ.
Actually, i could not get it working in msgdispatcher. It seems that
if [ -f "/var/run/msgcollector/${identifier}.messagecli.done" ]; thenis never called in normal situations.
I must be wrong, but anyhow, I have put it in msgcollector.
if [ "$messagecli" = "1" ]; then
write_to_file="/var/run/msgcollector/${identifier}.messagecli"
if [ ! -z "$message" ]; then
## variable $message exists
message=$(/home/user/striphtml "$message") ## here
pretty_type "$typecli"
message="[$p_type] [$identifier] $message"
echo "$message"
fi
append_to_file
fiIt works fine. I have modified a few whonixchek messages for testing. The GUI has got he clickable links, and the errors are are displayed in bold,
Example:
"<p>Debian Package Update Check Result: <b>Apt-get reports that ${number_upgraded} packages can be updated.</b> Please update Whonix-Gateway and Whonix-Workstation:
(Open a terminal, Start menu -> Applications -> System -> Terminal.)<br>
sudo apt-get update && sudo apt-get dist-upgrade</br></p>"
but the cli ouput is as before.
The GUI window height is limited to the screen height minus the panel, and the text is scrollable when it exceed the limit.
I will have to modify all the whonixcheck and timesync messages to fully test it.
The part of code I had in mind: https://github.com/Whonix/whonixcheck/blob/master/usr/lib/whonixcheck/check_tor_socks_or_trans_port#L183Variable $ip is untrusted input coming from check.torproject.org. Running it through striphtml would be much more robust.
The striphtml function, as it implies, does that, and only that. We can run ip through it, but the lines
ip="$(echo "$ip" | sed 's/Your IP address appears to be//g')"
ip="$(echo "$ip" | sed 's/://g')"
ip="$(echo "$ip" | sed 's/ //g')"have to be left, for the moment. I use ‘re’ for stripping the HTML tags, and there is a way to strip the rest, but I have to delve further into it, as it is still a little esoteric for me (like your bash magic).
Sounds good!
The striphtml script would be better implemented in the dispatch_cli function in msgdispatcher rather than in the while loop in msgdispatcher. If you push your progress to github, I will fix the bash parts.
The striphtml function, as it implies, does that, and only that. We can run ip through it, but the lines [code] ip="$(echo "$ip" | sed 's/Your IP address appears to be//g')"ip="$(echo "$ip" | sed 's/://g')" ip="$(echo "$ip" | sed 's/ //g')"[/code]
have to be left, for the moment. I use ‘re’ for stripping the HTML tags, and there is a way to strip the rest, but I have to delve further into it, as it is still a little esoteric for me, like your bash magic.
Yep, they have to be left for now. That string manipulation is than the striphtml script should do.