- User Since
- Nov 24 2014, 4:03 PM (255 w, 3 d)
Jul 17 2018
For the time being, the vm's whonix gateway is hard coded in two files, the one watching and sending sdwdate satus and the one sending the shutdown notification.
Jul 7 2018
Have run the fuzzer unit test simultaneously in sys-whonix and five anon-vm.
Jul 5 2018
Update, after my post in the forum.
Mar 4 2018
A new Tor controller GUI.
Feb 16 2018
Added the relevant icon in show_message (after resizing the sdwdate icons from mediawiki, the original are huge).
Feb 15 2018
Some progress here.
Feb 4 2018
If possible: it should only show Tor restart gui / anon-connection-wizard if these are installed. Otherwise not show such a menu entry.
Have pushed an updated version with Restart Tor and Anon Connection Wizard commands from the menu, so you can have an idea of the look and feel. This is of course not written in stone. The standalone restart-tor-gui was updated for testing. https://github.com/troubadoour/restart-tor-gui
Feb 3 2018
Implemented some defensive code against qubes-dband qubes-qrexec-agent just in case. Now if one or both of those services stop, it just ensures that the sdwdate-gui programs don't crash, and that's it.
Feb 2 2018
It was actually easier to merge directly, if only for the new user sdwdate-gui created in postint.
Feb 1 2018
sdwdate-gui-qubes will be shortly ready for packaging.
Jan 30 2018
This can be easily done. A package with the merging has been tested already.
Jan 26 2018
What happens if a workstation is killed, and then later restarted?
Probably no. But I,m not an expert in security or attacks.
Jan 25 2018
The submenu commands are implemented. Looks nice and handy.
Jan 22 2018
For now, the qrexec commands are issued from the workstations sdwdate-gui,
for practical reasons, the main one being that it's easy to restart sdwdate from there.
Obviously they'll have to be in sdwdate.
Possibly, yes. Necessarily, maybe not. Keeping all the "if Qubes then"
logic outside of sdwdate may also be an option.
That would help a lot. There are not that many "if Qubes then" in sdwdate -- actually we also check if we are not in sys-whonix --, but when it comes to run the qrexec command in sdwdate, the problem begins. Have tried all sort of things to get the call, Popen or even os.system command working in sdwdate, to no avail, although call works in many other places.
Jan 20 2018
Some progress on this one. A summary without literature.
Jan 16 2018
Playing with tags.
Dec 19 2015
Yes, that sounds sensible. Remembering previous experience with TPO, it's probably better to wait and see what it will look like eventually. I'll try to finish the current version in Whonix with the architecture defined so far. We can redesign when Tor Launcher comes with new features. I'll use the new text though, aware that that will change too, but can be easily updated.
Dec 18 2015
Some changes to come in Tor Launcher.
Dec 5 2015
Yes, and it will make the wizard simpler. There is some work in https://github.com/troubadoour/whonix-setup-wizard. The discussion is continued in https://forums.whonix.org/t/whonix-setup-wizard-graphical-technical-discussion/650/202
Nov 29 2015
Yes, let's go for anon-connection-wizard.
Nov 27 2015
(wanted to remove obfsproxy package, but it would remove whonix-gateway too).
Had some doubts about obfsproxy AppArmor lines working in system_tor profile. They don't.
Nov 26 2015
Pushed a batch of commits.
Nov 3 2015
Oct 29 2015
Created a new branch tor-launcher-clone. It's for review only, showing the new pages.
For the Disable Tor option, implementing the "Advanced" button may satisfy everyone.
Oct 28 2015
I am also wondering if we need the disable Tor option. For this minority use case, wouldn't it make more sense if users disabled the (virtual) network interface then?
Will remove it, unless someone has a strong advice against it.
Do we want the Whonix logo in the wizard? I guess no.
Oct 27 2015
the first page (Connect or Configure) should be a separate GUI
It can be in the wizard, and it seems a logical place where to put the Disable Tor option.
Oct 25 2015
Started Tor Launcher clone interface.
Those pages are part of the wizard. But the first page (Connect or Configure) should be a separate GUI which either enable Tor or start the bridges wizard.
Oct 6 2015
A starting point to run a cli or GUI updater could be achieved with a minor modification in msgcollector.
The bridge options were tested (obs2, obfs3 and scramblesuit at the time, if I remember correctly) when we had the discussion about including them or not in whonix-setup-wizard, and decided to go for T118.
Sep 12 2015
Yes, it should be in commit 60bf3b98cf3cd0b20c9f186a3e896cb678758e99
Jun 27 2015
Could not see that one. Added.
Jun 18 2015
Looks like this option is not implemented.
in control-port-filter-python.service. It works as expected.
But with a typo
It still works. sudo service control-port-filter-python status reports active (running), and the process is still enforced.
Jun 11 2015
Had the same issue. The mrux or mrix permissions fix the parsing issue, but I'll have to check if that works in the host. I have not used the VirtualBox profile for a long time, and I'm not sure it's working as is in jessie. Not sure either if we should keep this profile in Whonix.
The upstream profile works with Whonix, and it's probably safer to keep the empty package.
Jun 9 2015
It was not the install error, but the original file was parsed, provoking the conflicting x modifiers error.
Jun 8 2015
I missed that post. Thanks for the finding.
May 27 2015
May 23 2015
Tested restart instead of start reload before your post, working. Could not check if that solves the issue at first boot in Whonix Gateway, (tor active, exited) but I guess it does, because a manual sudo service tor restart works.
May 19 2015
For information, tried it out of curiosity some time ago. control-port -filter-python is working with systemd only (control-port-filter-python removed from /etc/init.d).
May 18 2015
The pidgin profile from apparmor-profiles-extra is not okay in Whonix. See
May 15 2015
I am putting sd_notify in the pipeline, without guarantee that it will be completed before Whonix 11 release.
May 14 2015
In the unit file, changing Type = forking to Type = simple solves this issue.
sudo -u debian-tor /usr/sbin/cpfpd start and sudo -u debian-tor /usr/sbin/cpfpd stop works for me too. The problem is when the daemon is run with systemd.
May 8 2015
An update to cpfpd.
May 3 2015
Pushed some changes in control-port-filter-python.
Apr 28 2015
Yes, nothing urgent. This change is not intended for Whonix 10, say we have a good base and we can fine tune the script before Whonix 11 release. I guess some small issues might solve themselves after it's tested in a jessie based Whonix. We could change the tag, make tit Whonix 11.
The daemonized control-port-filter-python is nearly completed (with some tricks for wheezy).
Apr 18 2015
Yes, the kernel name was appended with -grsec but it was not enabled.
Apr 13 2015
Apr 10 2015
Yes, that's the first think to do before contuining. I am trying to contact translatewiki. The best - and perhaps only - mean seems to be IRC. The problem is that they are on freenode (#mediawiki-i18n), which bans Tor. They have a hidden service (difficult to know which one is current) but it's disabled at the moment. http://en.irc2go.com/?q=tor.
Apr 6 2015
Started with three whonixcheck files.
Apr 5 2015
The issue is fixed: access to bash_message was denied by AppArmor...
Or, using the same translation mechanism as whonix-setup-wizard.
Apr 3 2015
Yes, nothing critical.
Yes, the remaining work is cosmetic (so far).
Mar 27 2015
Removed some redundant lines in the configuration file parsing loop:
Mar 25 2015
I am not sure either if a difficulty field would be useful.
Pushed the modified argparser (+ unknown_args) and increased the vertical size to accommodate the style change with GTK (looks better than the top text box with a scroll bar). Would have had to do it with Qt too, and the root "style" is only slightly shifted.
Mar 24 2015
The width is fixed in gneric_gui_messge, the height is dynamically adjusted. The lines break at word level.
Have increased the width to accomodate the Primary key fingerprint in a single line.
Mar 22 2015
(which was not a typo).
- configuration class: all the global variables are moved into a new class.
- log only configuration file errors: no message if a configuration file is found. If we drop a snippet, only the last file read would be logged. It would be possible to give the list of found files. To be decided.
- bug If only ~ terminated or dpkg file in /etc/cpfpy.d: the daemon does not start (variables are not set) -> loads default configuration.
Mar 21 2015
I do actually see the argparse being related to this ticket on a broad scope since the issue directly impacted the ability to use whonix-setup-wizard.
Does it impact the ability to use the wizard or is that a cosmetic issue? When run with sudo or kdesudo (or gksu), the style defaults to a root one, not that pretty, I agree.
Mar 20 2015
Mar 19 2015
Mar 18 2015
I got mixed up in my own code.
Mar 17 2015
Do you mean starting tor?
Mar 12 2015
If we remove it and /etc/tor/torrc does not exist, the tor status page will be blank,
It's one of the statuses returned to the wizard. If we remove it, the tor status page will be blank, as well as the finish page.
It should not become an issue, but for the sake of consistency, I modified it.
Mar 11 2015
(By just reporting the issue. Should be quite seldom. Unless you have a better idea. :)
That's what it does does, reporting the error and giving some basic instructions to fix the problem (and re-run the wizard).
No, it looks done, after https://www.whonix.org/forum/index.php/topic,705.msg7290.html#msg7290.
Yes, we can forget it, we'll never run it when whonix-setup-wizard is installed.
Mar 8 2015
Please do it, since you'll write the bash side...
Thanks for the tails-dev link, that's what I was looking for (the archive, not a digest, wrong wording).
I'd prefer if you brought the news to Tails. You are probably more accustomed to their language, and I'm still feeling a little shy. That would be great if they were interested in the development of their original script, and above all, if they could come back with comments on security, or whatnot. :)
Mar 6 2015
/etc/init.d/control-port-filter-python and/or control-port-filter-python instead please.
Yes, done. Removed control-port-filter and installed control-port-filter-python. Had to modify whonixcheck/check_control_port_filter with /var/run/control-port-filter-python/pid.
The problem of this thread seems to be, that Tor Browser is keeping the connection open and that multiple connections are broken at the moment. Maybe Tor Browser is using multiple connections. Wouldn't wonder about that.
That's what seems to happen, Tor Browser keeping the connection(s) open.
Mar 5 2015
I believe what you report is connected, and it's not Tor specific because ther is no issue with cpfp-bash.
Done. Have merged your fixes beforehand.
Yes, a missing bit. Have seen authenticate too. Will make it case insensitive.
Yes. Was wondering about CONTROL_PORT_FILTER_PROXY since it's not used in either script. Will remove them.