Tor integration in Whonix ™ Development Notes
< Dev
Jump to navigation
Jump to search
Donate
Tor Version, Package source (Debian, backports, Tor Project package repository), Config Files, Miscellaneous
Tor Version[edit]
According to the Tor release note
, there are usually several different major versions of Tor supported by the Tor project. However, due to the the limited time the Tor packager has, only a few major versions are packaged and ready to be used.
For example, in December, 2017, five major versions of Tor were supported. Specifically:
- Debian
stretchrepository contained another LTS, which was version0.2.9. deb.torproject.org, also known as Tor, Tor Project or TPO repository, had the latest stable Tor which was version0.3.1.9.
A major consideration in choosing the most suitable Tor version for Whonix ™ is that the latest stable found in the TPO repository may lead to network breakage. [1] The reason is the "stable" tag indicates it is stable version of Tor, which does not necessarily match the "stable" Debian version that Whonix ™ is actually using. [2]
There are three primary Tor options for Whonix ™ developers and each of them has pros and cons:
1. Use the Tor LTS version from the official Debian package repository: packages.debian.org
- Advantages: Minimal effort is required in Whonix ™.
- Disadvantages: Misses the advantages of later versions (see below).
2. Use latest stable in TPO repository and allow testers to use the Tor nightly build in Whonix ™, with bug reporting bug to TPO
- Advantages: Latest features, better security, improved Tor Browser compatibility (using
SocksPortwith flags and even better connectivity performance). [3] - Disadvantages:
- From the Whonix ™ perspective, these packages are uploaded to
deb.torproject.orgat random times. These packages are not guaranteed to be compatible with Whonix ™. While there are no security concerns, these packages could break a system's APT package management (due to incompatible dependencies) or connectivity, in case Tor refuses to start. This can arise due to a configuration incompatibility in a newer version of Tor, or for other reasons such as systemd or apparmor related changes. - In May 2021 a transient repository issue broke Whonix ™ build process.
- In December 2022, caused issue FAILED to start Anonymizing overlay network for TCP - Tor fails to start a few times before succeeding to start.
- In February 2023, might have caused issue Fresh whonix-kvm install gateway error.
- There is nothing similar to
snapshot.debian.org. Keeps changing (newer versions being added). Hence, can introduce build issues such as above. Unsuitable for reproducible builds / Verifiable Builds. - Porting to other architectures issues.
- Only available for the
i386,amd64,arm64architectures. - Introduces differences / issues such as for example for the
ppc64elplatform. [4]
- Only available for the
- From the Whonix ™ perspective, these packages are uploaded to
3. Versions are downloaded from deb.torproject.org, verified to work, and then migrated to deb.whonix.org
- Advantages: Flexibility in version selection, a guaranteed way to confirm that only stable Tor versions which are functional in Whonix ™ will be uploaded.
- Disadvantages:
- A few testers are needed, manual uploads are required, and Whonix ™ touches Tor.
- Other issues from 2. above equally apply.
Whonix ™ developers have chosen the third method for now. [5] However, the comparison above suggests better security and compatibility is afforded by the second option. This approach requires a lot of active testers who can use the Tor nightly build and report bugs to the Tor project or Whonix ™. [6]
Tor Config Files[edit]
Rationale for Tor Drop-In Configuration Folder[edit]
Having a Tor Configuration Drop-In Folder makes implementation of additional features that require additional Tor settings much easier. For example it could improve usability to provide a whonix-gw-hidden-webserver package, that automates the Whonix-Gateway ™ specific instructions for Onion Services. Such a package could just drop the configuration snippet there, and if the feature gets disabled or the package installed, that configuration snippet gets purged. Adding additions to /etc/tor/torrc with a script is problematic, because those additions cannot be removed by a script if the user slightly modified those lines and because these can cause a dpkg interactive conflict resolution dialog.
Current Implementation[edit]
The implementation is as it follows.
/etc/tor/torrcholds minimal content, so ideally it will need as few updates as possible or never again in the future. The only effective command is%include /etc/torrc.d/which results in parsing folder/etc/torrc.d.- The lexical high file
/etc/torrc.d/95_whonix.conf instructions to %include /usr/local/etc/torrc.d/. - Instructions in
/etc/tor/torrcand documentation instructs users to not edit that file and use use/usr/local/etc/torrc.d/50_user.confinstead. /etc/tor/torrc.examplescontains configuration examples.- Some Whonix ™ Tor settings unfortunately still go into
/usr/share/tor/tor-service-defaults-torrc due to Qubes-Whonix eth1 static networking feature not being implemented yet. - Most users probably ignore
/usr/share/tor/tor-service-defaults-torrc, because this file is barely advertised and barely popular. /usr/share/tor/tor-service-defaults-torrccan be modified by Qubes-Whonixreplace-ips without any conflicts with user modifications or dpkg interactive conflict resolution dialog.- Debian feature request: add torrc.d configuration directory
- Initial Tor feature request: torrc.d-style configuration directories
- Improvement Tor feature request: Parse only .torrc files in torrc.d directory
- https://github.com/Whonix/anon-gw-anonymizer-config
Rejected Alternatives[edit]
Only Two Config Files[edit]
- Using only /usr/share/tor/tor-service-defaults-torrc and /etc/tor/torrc, not using /etc/tor/torrc.examples.
- And having configuration examples (instructions) in /usr/share/tor/tor-service-defaults-torrc. Using a minimal /etc/tor/torrc to tell them to look into /usr/share/tor/tor-service-defaults-torrc for configuration examples.
- This is a bad idea, because users get tempted comment in things in /usr/share/tor/tor-service-defaults-torrc.
- When they do this, they settings would get lost and overwritten without asking next time they update anon-gw-anonymizer-config, because /usr/share/tor/tor-service-defaults-torrc is not a configuration file (since in /usr, not /etc folder).
Only One Config File[edit]
- Using only /etc/tor/torrc, leaving /usr/share/tor/tor-service-defaults-torrc with defaults (from Debian), not using /etc/tor/torrc.examples.
- Using /etc/tor/torrc for user examples, user's own modifications and Whonix ™ Tor settings.
- This is bad, because when users have edited /etc/tor/torrc and anon-gw-anonymizer-config gets updated, it will throw an
dpkg interactive conflict resolution dialog. Users might decide to keep their old config file and will miss (security) improvements.
Tor Control[edit]
See Talking to the real Tor Control Port.
Why Waste Network Bandwidth by Downloading Operating System Updates over Tor?[edit]
The short answer is this option was discussed with The Tor Project and Whonix ™ was granted permission to do so.
Interested readers who want to learn more should review the following:
- Tor Project thread about this issue; see updates over Tor, should not waste Tor bandwidth.
- The Tor Project was asked directly, after this issue and possible solutions were discussed thoroughly by the Whonix ™ team; see tor-talk Operating system updates / software installation behind Tor Transparent Proxy. [7]
- Andrew Lewman, a former Executive Director, Director and press contact for Tor downloads a lot of updates over the network and did not complain.
Forum Discussion[edit]
- https://forums.whonix.org/t/tor-integration-in-whonix/10593
- https://forums.whonix.org/t/tor-upgrades/10302
Tor Duplicate Config File Restart Bug[edit]
May 27 13:04:26 host systemd[1]: tor.service: Succeeded. May 27 13:04:26 host systemd[1]: Stopped Anonymizing overlay network for TCP (multi-instance-master). May 27 13:04:26 host systemd[1]: Stopping Anonymizing overlay network for TCP (multi-instance-master)... May 27 13:04:26 host systemd[1]: Stopping Anonymizing overlay network for TCP... May 27 13:04:26 host systemd[1]: tor@default.service: Succeeded. May 27 13:04:26 host systemd[1]: Stopped Anonymizing overlay network for TCP. May 27 13:04:26 host systemd[1]: tor@default.service: Consumed 1min 6.810s CPU time. May 27 13:04:26 host systemd[1]: anon-gw-anonymizer-config.service: Succeeded. May 27 13:04:26 host systemd[1]: Stopped Make Sure Torrc Files Exist and Clean Tor Config Folders. May 27 13:04:26 host systemd[1]: Stopping Make Sure Torrc Files Exist and Clean Tor Config Folders... May 27 13:04:26 host systemd[1]: Starting Make Sure Torrc Files Exist and Clean Tor Config Folders... May 27 13:04:26 host tor-config-sane[17986]: + '[' '!' -d /etc/tor ']' May 27 13:04:26 host tor-config-sane[17986]: + '[' '!' -d /etc/torrc.d ']' May 27 13:04:26 host tor-config-sane[17986]: + '[' '!' -d /usr/local/etc/torrc.d ']' May 27 13:04:26 host tor-config-sane[17986]: + '[' '!' -e /etc/tor/torrc ']' May 27 13:04:26 host tor-config-sane[17986]: + '[' '!' -e /etc/torrc.d/95_whonix.conf ']' May 27 13:04:26 host tor-config-sane[17986]: + '[' '!' -e /usr/local/etc/torrc.d/40_tor_control_panel.conf ']' May 27 13:04:26 host tor-config-sane[17986]: + '[' '!' -e /usr/local/etc/torrc.d/50_user.conf ']' May 27 13:04:26 host tor-config-sane[17986]: + '[' -n '' ']' May 27 13:04:26 host tor-config-sane[17986]: + tor_user=debian-tor May 27 13:04:26 host tor-config-sane[17986]: + '[' -n '' ']' May 27 13:04:26 host tor-config-sane[17986]: + tor_group=debian-tor May 27 13:04:26 host tor-config-sane[17986]: + '[' -n '' ']' May 27 13:04:26 host tor-config-sane[17986]: + tor_dir=/var/lib/tor May 27 13:04:26 host tor-config-sane[17986]: + '[' -n '' ']' May 27 13:04:26 host tor-config-sane[17986]: + client_onion_auth_dir=/var/lib/tor/authdir May 27 13:04:26 host tor-config-sane[17986]: + mkdir -p /var/lib/tor/authdir May 27 13:04:26 host tor-config-sane[17986]: + chown debian-tor:debian-tor /var/lib/tor/authdir May 27 13:04:26 host tor-config-sane[17986]: + search='%include /etc/torrc.d/ May 27 13:04:26 host tor-config-sane[17986]: %include /etc/torrc.d/95_whonix.conf' May 27 13:04:26 host tor-config-sane[17986]: + replace='%include /etc/torrc.d/' May 27 13:04:26 host tor-config-sane[17986]: + file_name=/etc/tor/torrc May 27 13:04:26 host tor-config-sane[17986]: + LANG=C May 27 13:04:26 host tor-config-sane[17986]: + str_replace '%include /etc/torrc.d/ May 27 13:04:26 host tor-config-sane[17986]: %include /etc/torrc.d/95_whonix.conf' '%include /etc/torrc.d/' /etc/tor/torrc May 27 13:04:26 host tor-config-sane[17989]: Nothing replaced May 27 13:04:26 host tor-config-sane[17986]: + true 0 May 27 13:04:26 host tor-config-sane[17990]: /usr/libexec/anon-gw-anonymizer-config/torrc-d-cleaner INFO: start. May 27 13:04:26 host tor-config-sane[17990]: INFO: dpkg-new file found: /etc/torrc.d/60_network.conf.dpkg-new May 27 13:04:26 host tor-config-sane[17990]: INFO: dpkg-new file found: /etc/torrc.d/65_gateway.conf.dpkg-new May 27 13:04:26 host tor-config-sane[17990]: INFO: dpkg-new file found: /etc/torrc.d/65_leak_tests.conf.dpkg-new May 27 13:04:26 host tor-config-sane[17990]: INFO: dpkg-new file found: /etc/torrc.d/70_workstation.conf.dpkg-new May 27 13:04:26 host tor-config-sane[17990]: INFO: dpkg-new file found: /etc/torrc.d/95_whonix.conf.dpkg-new May 27 13:04:26 host tor-config-sane[17990]: /usr/libexec/anon-gw-anonymizer-config/torrc-d-cleaner INFO: success. May 27 13:04:26 host systemd[1]: Finished Make Sure Torrc Files Exist and Clean Tor Config Folders. May 27 13:04:26 host systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)... May 27 13:04:26 host systemd[1]: Starting Anonymizing overlay network for TCP... May 27 13:04:26 host systemd[1]: Finished Anonymizing overlay network for TCP (multi-instance-master). May 27 13:04:26 host vanguards[762]: WARNING[Fri May 27 13:04:26 2022]: Tor daemon connection closed. Trying again... May 27 13:04:26 host tor[17993]: May 27 13:04:26.803 [notice] Tor 0.4.7.7 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1n, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.31 as libc. May 27 13:04:26 host tor[17993]: May 27 13:04:26.803 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/ May 27 13:04:26 host tor[17993]: May 27 13:04:26.806 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc". May 27 13:04:26 host tor[17993]: May 27 13:04:26.806 [notice] Read configuration file "/etc/tor/torrc". May 27 13:04:26 host tor[17993]: May 27 13:04:26.807 [notice] Processing configuration path "/etc/torrc.d/" at recursion level 1. May 27 13:04:26 host tor[17993]: May 27 13:04:26.807 [notice] Including configuration file "/etc/torrc.d//60_network.conf". May 27 13:04:26 host tor[17993]: May 27 13:04:26.808 [notice] Including configuration file "/etc/torrc.d//60_network.conf.dpkg-new".
Footnotes[edit]
- ↑ https://forums.whonix.org/t/whonix-gateway-tor-0-2-9-9-unrecommended-no-update-unsafe/4240/8
- ↑ The Debian target is usually the stable package, which is currently: bullseye) or Whonix ™.
- ↑
Patrick: "Historically when there was a botnet starting to use Tor, the LTS version barely connected while the latest stable had the ntor handshake which worked." See tor-weekly-news-september-4th-2013.
- ↑
Package: tor-geoipdbVersion: 0.4.5.8-1~d10.buster+1isArchitecture: allandDepends: tor (>= 0.4.5.8-1~d10.buster+1). Thereby for example ended up in Whonix ™ repository for architectureppc64el. This did not cause an issue yet. - ↑
Relative Whonix ™ Forum discussion: https://forums.whonix.org/t/tor-releases-discussion/4578
- ↑ Please contact us if you would like to be a Tor nightly build tester for Whonix ™.
- ↑ Click here for an overview of all answers.
Whonix ™
The most watertight privacy operating system in the world.
Follow us on social media
FREE · PLUS · PREMIUM Support
At
Whonix we believe in freedom and trust. That's why we fully support Open Source and Freedom Software.
Whonix ™ is supported by Evolution Host DDoS Protected VPS.
The personal opinions of
moderators
or
contributors
to the
Whonix ™
project do not represent the project as a whole.
By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements:
Terms of Service
,
Privacy Policy
,
Cookie Policy
,
E-Sign Consent
,
DMCA
,
Imprint
Whonix
ENCRYPTED SUPPORT LP,
2023
ENCRYPTED SUPPORT LP,
2023