summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoranonym <anonym@riseup.net>2017-03-23 02:09:46 +0100
committeranonym <anonym@riseup.net>2017-03-25 00:24:03 +0100
commit266e35b48601a20b45f8348bd2cbad4da09b6c2f (patch)
tree2b28a4656fbb1d64e3c46a0a77e79a0801760adf
parentf03e4f28e7be18922c526000b3c8451d5516ab9b (diff)
WIP: ISO
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh25
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh238
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh12
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/tails-shell-library/tor.sh20
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/restart-tor51
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/unsafe-browser2
-rw-r--r--features/step_definitions/common_steps.rb2
-rw-r--r--features/support/helpers/misc_helpers.rb8
9 files changed, 22 insertions, 338 deletions
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh
index e7bbfdf..5a2dd90 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh
@@ -23,13 +23,6 @@ fi
# Import tails_netconf()
. /usr/local/lib/tails-shell-library/tails-greeter.sh
-# It's safest that Tor is not running when messing with its logs.
-systemctl stop tor@default.service
-
-# We depend on grepping stuff from the Tor log (especially for
-# tordate/20-time.sh), so deleting it seems like a Good Thing(TM).
-rm -f "${TOR_LOG}"
-
# Let the rest of the system know that Tor is not working at the moment.
# This matters e.g. if we have already bootstrapped.
systemctl --no-block restart tails-tor-has-bootstrapped.target
@@ -52,20 +45,10 @@ fi
# Tor. Details:
# * https://trac.torproject.org/projects/tor/ticket/1247
# * https://tails.boum.org/bugs/tor_vs_networkmanager/
-# To work around this we restart Tor, in various ways, no matter the
-# case below.
+# To work around this we restart Tor.
+( systemctl restart tor@default.service ) &
if [ "$(tails_netconf)" = "obstacle" ]; then
- # We do not use restart-tor since it validates that bootstraping
- # succeeds. That cannot happen until Tor Launcher has started
- # (below) and the user is done configuring it.
- systemctl restart tor@default.service
-
- # When using a bridge Tor reports TLS cert lifetime errors
- # (e.g. when the system clock is way off) with severity "info", but
- # when no bridge is used the severity is "warn". tordate/20-time.sh
- # depends on grepping these error messages, so we temporarily
- # increase Tor's logging severity.
- tor_control_setconf "Log=\"info file ${TOR_LOG}\""
+ # XXX wait until Tor's ControlPort is available
# Enable the transports we support. We cannot do this in general,
# when bridge mode is not enabled, since we then use seccomp
@@ -78,6 +61,4 @@ if [ "$(tails_netconf)" = "obstacle" ]; then
until [ "$(tor_control_getconf DisableNetwork)" = 0 ]; do
sleep 1
done
-else
- ( restart-tor ) &
fi
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh
index 0144b6f..7081cd8 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh
@@ -1,35 +1,13 @@
#!/bin/sh
-# Rationale: Tor needs a somewhat accurate clock to work.
-# If the clock is wrong enough to prevent it from opening circuits,
-# we set the time to the middle of the valid time interval found
-# in the Tor consensus, and we restart it.
-# In any case, we use HTP to ask more accurate time information to
-# a few authenticated HTTPS servers.
+set -e
-# Get LIVE_USERNAME
-. /etc/live/config.d/username.conf
+# Import wait_until()
+. /usr/local/lib/tails-shell-library/common.sh
-# Import export_gnome_env().
-. /usr/local/lib/tails-shell-library/gnome.sh
-
-# Import tor_control_*(), tor_is_working(), TOR_LOG, TOR_DIR
+# Import tor_is_working()
. /usr/local/lib/tails-shell-library/tor.sh
-# Import tails_netconf()
-. /usr/local/lib/tails-shell-library/tails-greeter.sh
-
-### Init variables
-
-TORDATE_DIR=/var/run/tordate
-TORDATE_DONE_FILE=${TORDATE_DIR}/done
-TOR_CONSENSUS=${TOR_DIR}/cached-microdesc-consensus
-TOR_UNVERIFIED_CONSENSUS=${TOR_DIR}/unverified-microdesc-consensus
-TOR_UNVERIFIED_CONSENSUS_HARDLINK=${TOR_UNVERIFIED_CONSENSUS}.bak
-INOTIFY_TIMEOUT=60
-DATE_RE='[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]'
-VERSION_FILE=/etc/amnesia/version
-
### Exit conditions
# Run only when the interface is not "lo":
@@ -42,209 +20,13 @@ if [ "$2" != "up" ]; then
exit 0
fi
-# Do not run twice
-if [ -e "$TORDATE_DONE_FILE" ]; then
- exit 0
-fi
-
-
-### Create status directory
-install -o root -g root -m 0755 -d ${TORDATE_DIR}
-
-
-### Functions
-
-log() {
- logger -t time "$@"
-}
-
-has_consensus() {
- local files="${TOR_CONSENSUS} ${TOR_UNVERIFIED_CONSENSUS}"
-
- if [ $# -ge 1 ]; then
- files="$@"
- fi
- grep -qs "^valid-until ${DATE_RE}"'$' ${files}
-}
-
-has_only_unverified_consensus() {
- [ ! -e ${TOR_CONSENSUS} ] && has_consensus ${TOR_UNVERIFIED_CONSENSUS}
-}
-
-wait_for_tor_consensus_helper() {
- tries=0
- while ! has_consensus && [ $tries -lt 10 ]; do
- inotifywait -q -t 30 -e close_write -e moved_to ${TOR_DIR} || log "timeout"
- tries=$(expr $tries + 1)
- done
-
- # return some kind of success measurement
- has_consensus
-}
-
-wait_for_tor_consensus() {
- log "Waiting for a Tor consensus file to contain a valid time interval"
- if ! has_consensus && ! wait_for_tor_consensus_helper; then
- log "Unsuccessfully retried waiting for Tor consensus, aborting."
- fi
- if has_consensus; then
- log "A Tor consensus file now contains a valid time interval."
- else
- log "Waited for too long, let's stop waiting for Tor consensus."
- # FIXME: gettext-ize
- /usr/local/sbin/tails-notify-user "Synchronizing the system's clock" \
- "Could not fetch Tor consensus."
- exit 2
- fi
-}
-
-wait_for_working_tor() {
- local waited=0
-
- log "Waiting for Tor to be working..."
- while ! tor_is_working; do
- if [ "$waited" -lt ${INOTIFY_TIMEOUT} ]; then
- sleep 2
- waited=$(($waited + 2))
- else
- log "Timed out waiting for Tor to be working"
- return 1
- fi
- done
- log "Tor is now working."
-}
-
-date_points_are_sane() {
- local vstart="$1"
- local vend="$2"
-
- vendchk=$(date -ud "${vstart} -0300" +'%F %T')
- [ "${vend}" = "${vendchk}" ]
-}
-
-time_is_in_valid_tor_range() {
- local curdate="$1"
- local vstart="$2"
-
- vendcons=$(date -ud "${vstart} -0230" +'%F %T')
- order="${vstart}
-${curdate}
-${vendcons}"
- ordersrt=$(echo "${order}" | sort)
-
- [ "${order}" = "${ordersrt}" ]
-}
-
-maybe_set_time_from_tor_consensus() {
- local consensus=${TOR_CONSENSUS}
-
- if has_only_unverified_consensus \
- && ln -f ${TOR_UNVERIFIED_CONSENSUS} ${TOR_UNVERIFIED_CONSENSUS_HARDLINK}; then
- consensus=${TOR_UNVERIFIED_CONSENSUS_HARDLINK}
- log "We do not have a Tor verified consensus, let's use the unverified one."
- fi
-
- log "Waiting for the chosen Tor consensus file to contain a valid time interval..."
- while ! has_consensus ${consensus}; do
- inotifywait -q -t ${INOTIFY_TIMEOUT} -e close_write -e moved_to ${TOR_DIR} || log "timeout"
- done
- log "The chosen Tor consensus now contains a valid time interval, let's use it."
-
-
- # Get various date points in Tor's format, and do some sanity checks
- vstart=$(sed -n "/^valid-after \(${DATE_RE}\)"'$/s//\1/p; t q; b; :q q' ${consensus})
- vend=$(sed -n "/^valid-until \(${DATE_RE}\)"'$/s//\1/p; t q; b; :q q' ${consensus})
- vmid=$(date -ud "${vstart} -0130" +'%F %T')
- log "Tor: valid-after=${vstart} | valid-until=${vend}"
-
- if ! date_points_are_sane "${vstart}" "${vend}"; then
- log "Unexpected valid-until: [${vend}] is not [${vstart} + 3h]"
- return
- fi
-
- curdate=$(date -u +'%F %T')
- log "Current time is ${curdate}"
-
- if time_is_in_valid_tor_range "${curdate}" "${vstart}"; then
- log "Current time is in valid Tor range"
- return
- fi
-
- log "Current time is not in valid Tor range, setting to middle of this range: [${vmid}]"
- date -us "${vmid}" 1>/dev/null
-
- # Tor is unreliable with picking a circuit after time change
- systemctl restart tor@default.service
-}
-
-tor_cert_valid_after() {
- # Only print the last = freshest match
- sed -n 's/^.*certificate lifetime runs from \(.*\) through.*$/\1/p' \
- ${TOR_LOG} | tail -n 1
-}
-
-tor_cert_lifetime_invalid() {
- # To be sure that we only grep relevant information, we
- # should delete the log when Tor is started, which we do
- # in 10-tor.sh.
- # The log severity will be "warn" if bootstrapping with
- # authorities and "info" with bridges.
- grep -q "\[\(warn\|info\)\] Certificate \(not yet valid\|already expired\)\." \
- ${TOR_LOG}
-}
-
-# This check is blocking until Tor reaches either of two states:
-# 1. Tor completes a handshake with an authority (or bridge).
-# 2. Tor fails the handshake with all authorities (or bridges).
-# Since 2 essentially is the negation of 1, one of them will happen,
-# so it won't block forever. Hence we shouldn't need a timeout.
-is_clock_way_off() {
- log "Checking if system clock is way off"
- until [ "$(tor_bootstrap_progress)" -gt 10 ]; do
- if tor_cert_lifetime_invalid; then
- return 0
- fi
- sleep 1
- done
- return 1
-}
-
-start_notification_helper() {
- export_gnome_env
- exec /bin/su -c /usr/local/lib/tails-htp-notify-user "$LIVE_USERNAME" &
-}
-
-
### Main
-start_notification_helper
-
-# Delegate time setting to other daemons if Tor connections work
-if tor_is_working; then
- log "Tor has already opened a circuit"
-else
- # Since Tor 0.2.3.x Tor doesn't download a consensus for
- # clocks that are more than 30 days in the past or 2 days in
- # the future. For such clock skews we set the time to the
- # authority's cert's valid-after date.
- if is_clock_way_off; then
- log "The clock is so badly off that Tor cannot download a consensus. Setting system time to the authority's cert's valid-after date and trying to fetch a consensus again..."
- date --set="$(tor_cert_valid_after)" > /dev/null
- systemctl reload tor@default.service
- fi
- wait_for_tor_consensus
- maybe_set_time_from_tor_consensus
-fi
-
-wait_for_working_tor
-
-# Disable "info" logging workaround from 10-tor.sh
-if [ "$(tails_netconf)" = "obstacle" ]; then
- tor_control_setconf "Log=\"notice file ${TOR_LOG}\""
-fi
-
-touch $TORDATE_DONE_FILE
+# Magic mechanism that syncs the time :)
+touch /waiting_for_time_sync
+while [ ! -e /time_is_synced ]; do
+ sleep 1
+done
-log "Restarting htpdate"
+wait_until 120 tor_is_working
systemctl restart htpdate.service
-log "htpdate service restarted with return code $?"
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh
index 9b748fd..88ca906 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh
@@ -23,18 +23,6 @@ while ! /usr/local/sbin/tor-has-bootstrapped; do
sleep 1
done
-# We now know that whatever Tor settings we are using works, so if Tor
-# Launcher is still running, we can just kill it and make sure it
-# won't start next network reconnect. A reason for this happening is
-# if Tor was restarted by tordate, e.g. if the clock was to incorrect.
-TOR_LAUNCHER_PROCESS_REGEX="firefox-unconfined -?-app.*tor-launcher-standalone"
-if pgrep -f "${TOR_LAUNCHER_PROCESS_REGEX}"; then
- pkill -f "${TOR_LAUNCHER_PROCESS_REGEX}"
- pref=/user/Data/Browser/profile.default/prefs.js
- sed -i '/^user_pref("extensions\.torlauncher\.prompt_at_startup"/d' "${pref}"
- echo 'user_pref("extensions.torlauncher.prompt_at_startup", false);' >> "${pref}"
-fi
-
/usr/local/sbin/tails-notify-user \
"`gettext \"Tor is ready\"`" \
"`gettext \"You can now access the Internet.\"`"
diff --git a/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper b/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper
index b952d37..a783443 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper
+++ b/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper
@@ -12,8 +12,6 @@ export TEXTDOMAIN
# Import no_abort()
. /usr/local/lib/tails-shell-library/common.sh
-TORDATE_DIR=/var/run/tordate
-TORDATE_DONE_FILE="${TORDATE_DIR}/done"
INOTIFY_TIMEOUT=60
MIN_REAL_MEMFREE=$((300 * 1024))
RUN_AS_USER=tails-upgrade-frontend
diff --git a/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor.sh b/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor.sh
index c15d34b..ef0dc90 100755
--- a/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor.sh
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/tor.sh
@@ -33,23 +33,17 @@ tor_control_setconf() {
tor_control_send "SETCONF ${1}" >/dev/null
}
-tor_bootstrap_progress() {
- RES=$(grep -o "\[notice\] Bootstrapped [[:digit:]]\+%:" ${TOR_LOG} | \
- tail -n1 | sed "s|\[notice\] Bootstrapped \([[:digit:]]\+\)%:|\1|")
- if [ -z "${RES:-}" ] ; then
- RES=0
- fi
- echo -n "$RES"
-}
-
+# XXX ?
# Potential Tor bug: it seems like using this version makes Tor get
# stuck at "Bootstrapped 5%" quite often. Is Tor sensitive to opening
# control ports and/or issuing "getinfo status/bootstrap-phase" during
# early bootstrap? Because of this we fallback to greping the log.
-#tor_bootstrap_progress() {
-# tor_control_getinfo status/bootstrap-phase | \
-# sed 's/^.* BOOTSTRAP PROGRESS=\([[:digit:]]\+\) .*$/\1/'
-#}
+tor_bootstrap_progress() {
+ local res
+ res=$(tor_control_getinfo status/bootstrap-phase | \
+ sed 's/^.* BOOTSTRAP PROGRESS=\([[:digit:]]\+\) .*$/\1/')
+ echo ${res:-0}
+}
tor_is_working() {
[ -e $TOR_DESCRIPTORS ] || [ -e $NEW_TOR_DESCRIPTORS ] || return 1
diff --git a/config/chroot_local-includes/usr/local/sbin/restart-tor b/config/chroot_local-includes/usr/local/sbin/restart-tor
deleted file mode 100755
index 694b00e..0000000
--- a/config/chroot_local-includes/usr/local/sbin/restart-tor
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Import try_for() and clock_gettime_monotonic()
-. /usr/local/lib/tails-shell-library/common.sh
-
-# Import tor_bootstrap_progress()
-. /usr/local/lib/tails-shell-library/tor.sh
-
-# Import log()
-. /usr/local/lib/tails-shell-library/log.sh
-_LOG_TAG="$(basename $0)"
-
-# The Tor log is removed to ensure `tor_bootstrap_progress`'s output will be
-# accurate.
-clear_tor_log() {
- rm -f /var/log/tor/log
-}
-
-clear_tor_log
-systemctl restart tor@default.service
-
-# The main point of this script is to restart Tor if bootstrapping stalls for
-# more than 20 seconds
-
-bootstrap_progress=0
-last_bootstrap_change=$(clock_gettime_monotonic)
-
-maybe_restart_tor() {
- local new_bootstrap_progress=$(tor_bootstrap_progress)
- if [ $new_bootstrap_progress -eq 100 ]; then
- log "Tor has successfully bootstrapped."
- return 0
- elif [ $new_bootstrap_progress -gt $bootstrap_progress ]; then
- bootstrap_progress=$new_bootstrap_progress
- last_bootstrap_change=$(clock_gettime_monotonic)
- return 1
- elif [ $(expr $(clock_gettime_monotonic) - $last_bootstrap_change) -ge 20 ]; then
- log "Tor seems to have stalled while bootstrapping. Restarting Tor."
- clear_tor_log
- systemctl restart tor@default.service
- bootstrap_progress=0
- last_bootstrap_change=$(clock_gettime_monotonic)
- return 1
- else
- return 1
- fi
-}
-
-try_for 270 maybe_restart_tor
diff --git a/config/chroot_local-includes/usr/local/sbin/unsafe-browser b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
index 81211f2..39838f0 100755
--- a/config/chroot_local-includes/usr/local/sbin/unsafe-browser
+++ b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
@@ -65,7 +65,7 @@ maybe_restart_tor () {
# wheels turning)
if ! tor_is_working; then
echo "* Restarting Tor"
- restart-tor
+ systemctl restart tor@default.service
if ! systemctl --quiet is-active tor@default.service; then
error "`gettext \"Failed to restart Tor.\"`"
fi
diff --git a/features/step_definitions/common_steps.rb b/features/step_definitions/common_steps.rb
index 643af7b..7fb7846 100644
--- a/features/step_definitions/common_steps.rb
+++ b/features/step_definitions/common_steps.rb
@@ -73,7 +73,7 @@ def post_snapshot_restore_hook
$vm.execute("rm -f /var/log/tor/log")
$vm.execute("systemctl --no-block restart tails-tor-has-bootstrapped.target")
$vm.host_to_guest_time_sync
- $vm.spawn("restart-tor")
+ $vm.execute("systemctl restart tor@default.service")
wait_until_tor_is_working
if $vm.file_content('/proc/cmdline').include?(' i2p')
$vm.execute_successfully('/usr/local/sbin/tails-i2p stop')
diff --git a/features/support/helpers/misc_helpers.rb b/features/support/helpers/misc_helpers.rb
index 4a55286..74ba024 100644
--- a/features/support/helpers/misc_helpers.rb
+++ b/features/support/helpers/misc_helpers.rb
@@ -158,14 +158,6 @@ end
def wait_until_tor_is_working
try_for(270) { $vm.execute('/usr/local/sbin/tor-has-bootstrapped').success? }
-rescue Timeout::Error => e
- c = $vm.execute("journalctl SYSLOG_IDENTIFIER=restart-tor")
- if c.success?
- debug_log("From the journal:\n" + c.stdout.sub(/^/, " "))
- else
- debug_log("Nothing was in the journal about 'restart-tor'")
- end
- raise e
end
def convert_bytes_mod(unit)