Tor Config Files
The implementation is as follows.
- /etc/tor/torrc holds minimal content, so we don't have to update it ever again
- Instructions in /etc/tor/torrc say "copy and paste from /etc/tor/torrc.examples".
- We should never update /etc/tor/torrc, because that would lead to an interactive dpkg conflict resolution dialog. That is bad from a usability perspective: such a dialog confuses quite a few users. It is also bad from a security perspective: if the user chooses Y or I (install the package maintainer's version), the user may lose their (security) settings, for example their proxy and/or obfuscated bridges settings.
- /etc/tor/torrc.examples contains configuration examples.
- Whonix's Tor settings go into /usr/share/tor/tor-service-defaults-torrc.
- Users will ignore /usr/share/tor/tor-service-defaults-torrc, because this file is barely advertised and little known.
- /usr/share/tor/tor-service-defaults-torrc can be updated without any conflicts with user modifications.
Only Two Config Files
- Using only /usr/share/tor/tor-service-defaults-torrc and /etc/tor/torrc, not using /etc/tor/torrc.examples.
- And having configuration examples (instructions) in /usr/share/tor/tor-service-defaults-torrc, with a minimal /etc/tor/torrc that tells users to look into /usr/share/tor/tor-service-defaults-torrc for configuration examples.
- This is a bad idea, because users are tempted to uncomment things in /usr/share/tor/tor-service-defaults-torrc.
- When they do this, their settings would get lost and overwritten without asking the next time they update anon-gw-anonymizer-config, because /usr/share/tor/tor-service-defaults-torrc is not a configuration file (it is in /usr, not in the /etc folder).
Only One Config File
- Using only /etc/tor/torrc, leaving /usr/share/tor/tor-service-defaults-torrc with defaults (from Debian), not using /etc/tor/torrc.examples.
- Using /etc/tor/torrc for user examples, user's own modifications and Whonix's Tor settings.
- This is bad, because when users have edited /etc/tor/torrc and anon-gw-anonymizer-config gets updated, it will throw an interactive dpkg conflict resolution dialog. Users might decide to keep their old config file and will miss (security) improvements.
Missing /etc/tor.d/ Feature
Upstream feature request:
torrc.d-style configuration directories
Not having an /etc/tor.d/ style folder (similar to Whonix modular flexible .d style configuration folders) makes implementation of additional features that require additional Tor (/etc/tor/torrc) settings much harder. For example, it would improve usability to provide a whonix-gw-hidden-webserver package that automates the Whonix-Gateway specific instructions for Hidden Services. If there was an /etc/tor.d/ style folder, we could just drop the configuration snippet there, and if the feature gets disabled or the package uninstalled, that configuration snippet gets purged. Adding additions to /etc/tor/torrc with a script is problematic, because those additions cannot be removed by a script if the user slightly modified those lines.
Maybe clearly marking the configuration snippet would help.
    ### BEGIN whonix-gw-hidden-webserver ###
    ##
    ## DO NOT EDIT THIS SECTION
    ##
    ## Add your modifications on top of BEGIN or below END.
    ## It is automatically generated by whonix-gw-hidden-webserver with settings
    ## from /etc/whonix.d folder. If you edit this section, removal by
    ## whonix-gw-hidden-webserver will fail. To remove this section, run:
    ## sudo whonix-hw
    ##
    HiddenServiceDir /var/lib/tor/hidden_service/
    HiddenServicePort 80 10.152.152.11:80
    ##
    ## DO NOT EDIT THIS SECTION
    ##
    ### END whonix-gw-hidden-webserver ###
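One way a package script could add and later remove such a marked section, as an added example (not Whonix code): the function names are hypothetical and the section body is abbreviated from the snippet above. Removal is refused when the text between the markers no longer matches what was generated, which is the failure case the snippet's warning describes.

```shell
#!/bin/sh
# Added example: manage a marked section in a torrc-style file.
# Function names are hypothetical; section body is abbreviated from the page.
BEGIN_MARK='### BEGIN whonix-gw-hidden-webserver ###'
END_MARK='### END whonix-gw-hidden-webserver ###'

# Exact text the package would generate.
generated_section() {
    printf '%s\n' "$BEGIN_MARK" \
        '## DO NOT EDIT THIS SECTION' \
        'HiddenServiceDir /var/lib/tor/hidden_service/' \
        'HiddenServicePort 80 10.152.152.11:80' \
        "$END_MARK"
}

# Print the section currently in file $1, markers included.
# With a missing END marker this runs to end of file, so the comparison
# in remove_section fails instead of deleting unrelated settings.
current_section() {
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" \
        '$0 == b {p = 1} p {print} $0 == e {p = 0}' "$1"
}

# Append the section unless its BEGIN marker is already present.
add_section() {
    grep -qxF -- "$BEGIN_MARK" "$1" && return 0
    generated_section >> "$1"
}

# Remove the section only if it is identical to the generated text.
# Returns 0 when removed or absent, 1 when edited (file left untouched).
remove_section() {
    grep -qxF -- "$BEGIN_MARK" "$1" || return 0
    [ "$(current_section "$1")" = "$(generated_section)" ] || return 1
    tmp=$(mktemp) || return 2
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" \
        '$0 == b {p = 1} !p {print} $0 == e {p = 0}' "$1" > "$tmp" &&
        cat "$tmp" > "$1"   # rewrite in place, keeping owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Because the script edits /etc/tor/torrc, dpkg will still treat the file as modified; the markers only make the script's own addition reversible.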
Interactive dpkg conflict resolution dialog example:
    Configuration file `/etc/tor/torrc'
     ==> Modified (by you or by a script) since installation.
     ==> Package distributor has shipped an updated version.
       What would you like to do about it ?  Your options are:
        Y or I  : install the package maintainer's version
        N or O  : keep your currently-installed version
          D     : show the differences between the versions
          Z     : background this process to examine the situation
     The default action is to keep your current version.
    *** interfaces (Y/I/N/O/D/Z) [default=N] ? N
- This is because /etc/tor/torrc comes with a commented-out #DisableNetwork 0 line, which whonixsetup uncomments, i.e. whonixsetup changes that line to DisableNetwork 0, which dpkg will consider a user modification.