
install Tor Browser by default in Qubes-Whonix
Closed, Resolved | Public

Description

For better usability.

Whonix's build script as well as tb-updater already supports that. Build script command line switch:

## --tb none|closed|open
## none: Do not install Tor Browser.
## closed: Fail closed if Tor Browser cannot be installed.
## open: Fail open if Tor Browser cannot be installed.

Failing open vs closed:

  • Failing open: if Tor Browser download fails, the build continues without invoking the error handler.
  • Failing closed: if Tor Browser download fails, the build invokes the error handler.

Why not fix tb-updater and make sure it does not fail?

Economically impossible. In the past, TPO kept changing download locations, links, verification scheme, version format and more. I would be surprised if tb-updater didn't need to be updated again in the future to cope with their changes.


What are the reasons why we didn't do this earlier for Whonix 10? From https://www.whonix.org/wiki/Tor_Browser#Not_installed_by_Default:

Tor Browser is not installed by default anymore. If you are interested in the reasons why, [...]

Licensing reasons:

If the distributor of Qubes-Whonix, the Qubes team, doesn't mind, I (@Patrick) won't mind either.

Security reasons:

  • Forces the user to get an up-to-date version of Tor Browser. By the time users download Whonix, mostly the shipped version of Tor Browser would be already outdated.

Could be solved by frequent releases if you're up for that. Or solved by having users manually upgrade. Then at least half of the time they have better usability.

Technical reasons:

  • Users who build Whonix from source code won't have issues with a build script that is broken, just because of issues with downloading Tor Browser. [Although since Whonix 10 the build script has an option --tb open that would fail open, i.e. let the build continue, even if Tor Browser download failed, as opposed to --tb closed that would fail closed, i.e. invoke the usual error handler of the build script. (Default is --tb none.)]

What are your thoughts on that... Do we want the build to fail open or closed by default?

Details

Impact
Normal
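
The fail-open versus fail-closed policy for `--tb none|closed|open` described above, sketched as an added example; this is not Whonix's build script or tb-updater code. The function names, the `TB_FETCH_SIMULATE` switch that stands in for a real download and verification, and the choice to treat an unrecognised mode as an error are assumptions made for illustration.

```shell
# Added illustration of the --tb policy; all names here are hypothetical.

# Stand-in for "download and verify Tor Browser". Constructed behaviour:
# fails when TB_FETCH_SIMULATE=fail, succeeds otherwise.
fetch_and_verify_tb() {
    [ "${TB_FETCH_SIMULATE:-ok}" = "ok" ]
}

# Stand-in for the build's error handler; records that it was invoked.
error_handler() {
    ERROR_HANDLER_CALLED=1
    echo "ERROR: $1" >&2
}

# tb_step MODE
# Returns 0 if the build may continue, non-zero if it must stop.
tb_step() {
    mode=$1
    ERROR_HANDLER_CALLED=0
    TB_INSTALLED=0
    case "$mode" in
        none)
            # Tor Browser is not part of this build at all.
            return 0 ;;
        open|closed)
            if fetch_and_verify_tb; then
                TB_INSTALLED=1
                return 0
            fi
            if [ "$mode" = "closed" ]; then
                # Fail closed: hand the failure to the error handler.
                error_handler "Tor Browser could not be installed (--tb closed)"
                return 1
            fi
            # Fail open: the image ships without Tor Browser; nothing that
            # failed to download or verify is installed.
            echo "WARNING: continuing without Tor Browser (--tb open)" >&2
            return 0 ;;
        *)
            # Assumption: a mistyped mode is treated as an error, not as "none".
            error_handler "invalid --tb value: $mode"
            return 2 ;;
    esac
}
```
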

Event Timeline

Patrick updated the task description. Jun 3 2015, 8:58 PM
Patrick set Impact to Normal.
Patrick added subscribers: Patrick, nrgaway.
Patrick created this task.
Patrick raised the priority of this task from to Normal.

I noticed tor-browser installs in the root of the user's home directory.

Would it be possible to automatically install it in the ~/bin directory so as not to clutter the root directory?

In T337#5157, @nrgaway wrote:

I noticed tor-browser installs in the root of the user's home directory.
Would it be possible to automatically install it in the ~/bin directory so as not to clutter the root directory?

Created T338 for it. Will answer there.

It should fail as the build would not be complete.

I think it might be better for qubes-builder to download and verify the browser though, then it would be available to install after Whonix?

In T337#5182, @nrgaway wrote:

It should fail as the build would not be complete.

Ok.

I think it might be better for qubes-builder to download and verify the browser though, then it would be available to install after Whonix?

When you run whonix_build, just add below line ~175...

--tb closed \

That's all and this ticket will be implemented. [+ testing] It will be installed in the image. And therefore of course be available after first boot of the image.

(FYI: This is done by the chroot-script /usr/lib/anon-dist/chroot-scripts-post.d/70_torbrowser)

Whonix's build script can do this. The ability to implement this ticket is one reason why I implemented this. I don't know what benefit it would have to re-implement this in qubes-builder.

The only reason is since I was under the impression the file will be downloaded and may fail, compared to downloading the file initially and knowing it won't fail since the file is already in the local repo directory.

I will test it out; sounds cool!

In T337#5192, @nrgaway wrote:

The only reason is since I was under the impression the file will be downloaded and may fail, compared to downloading the file initially and knowing it won't fail since the file is already in the local repo directory.

Understood. (Well, when tb-updater fails downloading it, anything else would also fail. So it cannot be made more robust to my knowledge either way.)

I will test it out; sounds cool!

Great.

Patrick closed this task as Resolved. Aug 15 2015, 2:39 AM
Patrick claimed this task.

Done in Whonix 11.