feat(cli, asb): Whonix and Tails support #391
…r handling to use thiserror crate; converted test code to use anyhow crate
…ay implementation
… peer_addr and local_addr
…in preparation for alternate backends
…and their use tor-crypto types
…der object
- CircuitToken is now just a usize; leave it to TorProvider implementations to generate and manage them
- OnionListener is now a pointer-to-implementation wrapper, trait moved to OnionListenerImpl
- Update LegacyTorClient to use new interface definitions
…pe, updated gosling context to use a TorProvider rather than a specific implementation
- migrated integration tests to tor-interface/tests
- moved various free functions to be private functions of their relevant types
- added Debug implementations for various tor_crypto types
Transaction log on auto-auth:
writev(3, [{iov_base="PROTOCOLINFO 1", iov_len=14}, {iov_base="\r\n", iov_len=2}], 2) = 16
recvfrom(3, "250-PROTOCOLINFO 1\r\n250-AUTH MET"..., 1024, 0, NULL, NULL) = 158
recvfrom(3, 0x55dc1327f59e, 866, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
openat(AT_FDCWD, "/home/nabijaczleweli/.tor/coo kie \\\" \320\266 \n 2", O_RDONLY|O_CLOEXEC) = 4
statx(4, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0600, stx_size=32, ...}) = 0
read(4, "\203\245-ds\200k\27^G\255\34q\371\240\376QuE\254\226\243\247\221\375\355\313\232\26\316o\343", 32) = 32
read(4, "", 32) = 0
close(4) = 0
writev(3, [{iov_base="AUTHENTICATE 83a52d6473806b175e4"..., iov_len=77}, {iov_base="\r\n", iov_len=2}], 2) = 79
recvfrom(3, "250 OK\r\n", 1024, 0, NULL, NULL) = 8
recvfrom(3, 0x55dc1327f508, 1016, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
writev(3, [{iov_base="GETINFO version", iov_len=15}, {iov_base="\r\n", iov_len=2}], 2) = 17
recvfrom(3, "250-version=0.4.7.16\r\n250 OK\r\n", 1024, 0, NULL, NULL) = 30
recvfrom(3, 0x55dc1327f51e, 994, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
No changes if an auth method is provided
This avoids leaking the secret and using an unknown Tor server
COOKIE may supposedly get removed in future
hmac is the only new dependency, sha2 was already in the dep tree
Don't send GETINFO version if we already PROTOCOLINFOed and got VERSION back
…ner over Stream, OnionStream
…low using Legacy Tor over unix-domain sockets
Requires: sfackler/rust-socks#22
Parsing standard $TOR_SOCKS_{IPC_PATH,HOST+PORT}, $TOR_CONTROL_{IPC_PATH,HOST+PORT}, $TOR_CONTROL_{PASSWD,COOKIE_AUTH_FILE} variables
These are documented by upstream:
https://gitlab.torproject.org/tpo/applications/wiki/-/blob/master/Environment-variables-and-related-preferences.md
and used in the wild, like by whonix:
https://www.whonix.org/wiki/Dev/Project_friendly_applications_best_practices#Tor_Settings_Autodetection
…:listener() This is a hard requirement for downstreams like UnstoppableSwap
These use the legacy Tor provider for inbound and outbound connections

tor ControlPort unix:/home/nabijaczleweli/uwu/sock/sock SocksPort unix:/home/nabijaczleweli/uwu/sock/socks &
TOR_SOCKS_IPC_PATH=/home/nabijaczleweli/uwu/sock/socks TOR_CONTROL_IPC_PATH=/home/nabijaczleweli/uwu/sock/sock target/debug/examples/legacy-tor-provider-provider
does a crude HTTP request

TOR_SOCKS_IPC_PATH=/home/nabijaczleweli/uwu/sock/socks TOR_CONTROL_IPC_PATH=/home/nabijaczleweli/uwu/sock/sock target/debug/examples/legacy-tor-provider-listener
starts a crude HTTP server that can be observed with
torsocks curl mxmy...ctu.onion

TCP connections also work, of course
Sorry for the delay. We've since moved our fork of
Detect if running on whonix accd'g to documentation
https://www.whonix.org/wiki/Dev/Project_friendly_applications_best_practices#Programmatically_Detecting_Whonix
by checking if /usr/share/whonix/marker exists

In that case, never initialise a Tor connection to avoid tunneling Tor over Tor, instead log
INFO On whonix, not using Tor

The settings GUI is adapted to
(a) force the slider on
(b) disable it
(c) note that everything's always on Tor on whonix in the help

asb:
nabijaczleweli@tarta:~/uwu/core$ ./target/release/asb --testnet start
2025-06-08T02:10:18.426428165Z INFO Initialized tracing. General logs will be written to swap-all.log, and verbose logs to tracing*.log level_filter=debug logs_dir=testnet/logs
2025-06-08T02:10:18.426499966Z INFO Setting up context binary="asb" version="preview-1-gacd9ade-dirty" os="linux" arch="x86_64"
2025-06-08T02:10:18.426566003Z DEBUG Reading in seed from testnet/seed.pem
2025-06-08T02:10:18.42659969Z DEBUG Using existing sqlite database.
2025-06-08T02:10:18.427903356Z DEBUG Opening Monero wallet
2025-06-08T02:10:49.253500345Z DEBUG Created Monero wallet monero_wallet_name=asb-wallet
2025-06-08T02:10:49.338552856Z INFO Monero wallet address monero_address=9tWysVoWvpGR33qBZoTJcq4HzzQoe49HiStVNx5oMVJu6wKzsBYjy1xdegiVYBMZyp3i1kuXmDySqYmJRieKmW4nSWx1kNm
2025-06-08T02:10:49.383891181Z WARN The Monero balance is 0, make sure to deposit funds at monero_address=9tWysVoWvpGR33qBZoTJcq4HzzQoe49HiStVNx5oMVJu6wKzsBYjy1xdegiVYBMZyp3i1kuXmDySqYmJRieKmW4nSWx1kNm
2025-06-08T02:10:49.383950078Z DEBUG Opening Bitcoin wallet
2025-06-08T02:10:50.20519519Z INFO Starting initial Bitcoin wallet scan. This might take a while...
2025-06-08T02:10:51.33690081Z DEBUG Full scanning Bitcoin wallet, currently at index 0. We will scan around 500 in total.
2025-06-08T02:10:51.337269269Z DEBUG Full scanning Bitcoin wallet, currently at index 1. We will scan around 500 in total.
2025-06-08T02:10:52.38770465Z DEBUG Full scanning Bitcoin wallet, currently at index 52. We will scan around 500 in total.
2025-06-08T02:10:53.909561884Z DEBUG Full scanning Bitcoin wallet, currently at index 103. We will scan around 500 in total.
2025-06-08T02:10:54.687464795Z DEBUG Full scanning Bitcoin wallet, currently at index 153. We will scan around 500 in total.
2025-06-08T02:10:56.313618739Z DEBUG Full scanning Bitcoin wallet, currently at index 203. We will scan around 500 in total.
2025-06-08T02:10:57.145982225Z DEBUG Full scanning Bitcoin wallet, currently at index 254. We will scan around 500 in total.
2025-06-08T02:10:58.886810752Z DEBUG Full scanning Bitcoin wallet, currently at index 305. We will scan around 500 in total.
2025-06-08T02:11:00.572357489Z DEBUG Full scanning Bitcoin wallet, currently at index 356. We will scan around 500 in total.
2025-06-08T02:11:02.395423731Z DEBUG Full scanning Bitcoin wallet, currently at index 432. We will scan around 532 in total.
2025-06-08T02:11:19.093438653Z DEBUG Not syncing because there are no spks in our wallet
2025-06-08T02:11:19.093475438Z DEBUG Starting to sync Bitcoin wallet with 0 concurrent chunks and batch size of 32
2025-06-08T02:11:19.12235274Z INFO Bitcoin wallet balance bitcoin_balance=0 BTC
2025-06-08T02:11:19.375064128Z DEBUG Bootstrapping Tor client
2025-06-08T02:11:20.677955503Z DEBUG Connected to Kraken websocket API
2025-06-08T02:11:20.678051027Z DEBUG Subscribed to updates for ticker
2025-06-08T02:11:24.434699921Z DEBUG Setting up onion service for libp2p to listen on addr=/onion3/6b5rqgvgofdi7qx6um25hfitolhxkxnfqxlogicqxhl7xjtxsvrpv6yd:9939
2025-06-08T02:11:24.566743497Z INFO Network layer initialized peer_id=12D3KooWHGUUHbxUpBXjfL1u6JWknBfETHkCEbWFozhf9nHcHi9K
2025-06-08T02:11:24.60886221Z INFO New listen address reported address=/onion3/6b5rqgvgofdi7qx6um25hfitolhxkxnfqxlogicqxhl7xjtxsvrpv6yd:9939
2025-06-08T02:11:24.613757136Z INFO New listen address reported address=/ip4/127.0.0.1/tcp/9939
2025-06-08T02:11:24.613836425Z INFO New listen address reported address=/ip4/192.168.1.250/tcp/9939
2025-06-08T02:11:24.6139116Z INFO New listen address reported address=/ip4/10.0.2.2/tcp/9939
nabijaczleweli@tarta:~/uwu/core$ unshare -rm
root@tarta:~/uwu/core# mount -t tmpfs tmpfs /usr/share
root@tarta:~/uwu/core# mkdir /usr/share/whonix
root@tarta:~/uwu/core# > /usr/share/whonix/marker
root@tarta:~/uwu/core# ./target/release/asb --testnet start
2025-06-08T02:12:07.15259209Z INFO Initialized tracing. General logs will be written to swap-all.log, and verbose logs to tracing*.log level_filter=debug logs_dir=testnet/logs
2025-06-08T02:12:07.152648706Z INFO Setting up context binary="asb" version="preview-1-gacd9ade-dirty" os="linux" arch="x86_64"
2025-06-08T02:12:07.152718078Z DEBUG Reading in seed from testnet/seed.pem
2025-06-08T02:12:07.1527521Z DEBUG Using existing sqlite database.
2025-06-08T02:12:07.15392353Z DEBUG Opening Monero wallet
2025-06-08T02:12:20.274522678Z INFO Monero wallet address monero_address=9tWysVoWvpGR33qBZoTJcq4HzzQoe49HiStVNx5oMVJu6wKzsBYjy1xdegiVYBMZyp3i1kuXmDySqYmJRieKmW4nSWx1kNm
2025-06-08T02:12:20.27523474Z WARN The Monero balance is 0, make sure to deposit funds at monero_address=9tWysVoWvpGR33qBZoTJcq4HzzQoe49HiStVNx5oMVJu6wKzsBYjy1xdegiVYBMZyp3i1kuXmDySqYmJRieKmW4nSWx1kNm
2025-06-08T02:12:20.360353998Z DEBUG Opening Bitcoin wallet
2025-06-08T02:12:20.555861074Z DEBUG Loading existing Bitcoin wallet from database
2025-06-08T02:12:20.802818807Z DEBUG Not syncing because there are no spks in our wallet
2025-06-08T02:12:20.802858811Z DEBUG Starting to sync Bitcoin wallet with 0 concurrent chunks and batch size of 32
2025-06-08T02:12:20.802982132Z INFO Bitcoin wallet balance bitcoin_balance=0 BTC
2025-06-08T02:12:20.803068289Z INFO On whonix, not using Tor
2025-06-08T02:12:20.897994249Z INFO Network layer initialized peer_id=12D3KooWHGUUHbxUpBXjfL1u6JWknBfETHkCEbWFozhf9nHcHi9K
2025-06-08T02:12:21.086817444Z DEBUG Connected to Kraken websocket API
2025-06-08T02:12:21.111092228Z INFO New listen address reported address=/ip4/127.0.0.1/tcp/9939
2025-06-08T02:12:21.111314184Z INFO New listen address reported address=/ip4/192.168.1.250/tcp/9939
2025-06-08T02:12:21.111465536Z INFO New listen address reported address=/ip4/10.0.2.2/tcp/9939
2025-06-08T02:12:21.14171648Z DEBUG Subscribed to updates for ticker

swap:
nabijaczleweli@tarta:~/uwu/core$ ./target/release/swap --testnet resume --enable-tor --swap-id 69420694206942069420694206942069
2025-06-08T02:24:20.130489739Z INFO Initialized tracing. General logs will be written to swap-all.log, and verbose logs to tracing*.log level_filter=info logs_dir=/home/nabijaczleweli/.local/share/xmr-btc-swap/cli/testnet/logs
2025-06-08T02:24:20.130752975Z INFO Setting up context binary="cli" version="preview-1-gacd9ade-dirty" os="linux" arch="x86_64"
2025-06-08T02:24:20.275872264Z DEBUG Bootstrapping Tor client
^C
nabijaczleweli@tarta:~/uwu/core$ unshare -rm
root@tarta:~/uwu/core# mount -t tmpfs tmpfs /usr/share
root@tarta:~/uwu/core# mkdir /usr/share/whonix
root@tarta:~/uwu/core# > /usr/share/whonix/marker
root@tarta:~/uwu/core# ./target/release/swap --testnet resume --enable-tor --swap-id 69420694206942069420694206942069
2025-06-08T02:24:37.62796112Z INFO Initialized tracing. General logs will be written to swap-all.log, and verbose logs to tracing*.log level_filter=info logs_dir=/home/nabijaczleweli/.local/share/xmr-btc-swap/cli/testnet/logs
2025-06-08T02:24:37.628228005Z INFO Setting up context binary="cli" version="preview-1-gacd9ade-dirty" os="linux" arch="x86_64"
2025-06-08T02:24:37.642638339Z INFO On whonix, not using Tor
^C

Bounty: https://bounties.monero.social/posts/180/0-789m-make-unstoppable-swap-whonix-friendly
…rrelevant/would-be-misleading parts of the questionnaire on whonix
…640244aa14d51f8ea8d9ee..df7553d1671679e2d7b86defae8f91f2b86b4135
For the record I would like to state that this was the worst rebase I've ever done and it's not close.
Thanks for the rebase. Could you add some explanation as to how this works? This has become quite a big PR and we cannot merge this unless we can fully understand how it works
Nothing's changed except that this also inlines the dependency PRs (blueprint-freespeech/gosling#132 + eigenwallet/libp2p-tor#4) into the vendored crates (tor-interface by git filter-branch + merge (this can probably stand to get squashed so it's not as daunting for no reason, history's like 80 commits) and libp2p-tor by applying the diff since that's functionally what the PR reduces to). All the wallet does is (a) detect if it's on whonix, and if so (b) use the system tor daemon and (c) adjust the UI a little bit so it's not confusing (the "use tor" toggle is always on, setup questions for tor configuration that would be ineffective are skipped). No change since the first time.
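The marker check and the `$TOR_SOCKS_*` / `$TOR_CONTROL_*` endpoint variables named in the commits above, combined into one decision; this is an added Rust sketch, not code from this PR or from tor-interface. The `Endpoint` and `TorPlan` types, the order of the checks, the precedence of the IPC path and the rejection of a half-set HOST/PORT pair are assumptions of the sketch, and the control-port credential variables are left out.

```rust
use std::path::{Path, PathBuf};

#[derive(Debug, PartialEq)]
enum Endpoint { Unix(PathBuf), Tcp(String, u16) }

#[derive(Debug, PartialEq)]
enum TorPlan {
    WhonixNoTor, // marker present: never start Tor, avoiding Tor over Tor
    System { socks: Endpoint, control: Option<Endpoint> }, // reuse the daemon named by the environment
    Bootstrap, // nothing configured: start our own client
}

// Environment lookup, injected so the logic can be exercised without touching the process env.
type Env<'a> = &'a dyn Fn(&str) -> Option<String>;

// Resolve TOR_<kind>_IPC_PATH, else TOR_<kind>_HOST + TOR_<kind>_PORT.
// Assumptions of this sketch: the IPC path wins, and a half-set HOST/PORT pair is an error.
fn endpoint(kind: &str, env: Env) -> Result<Option<Endpoint>, String> {
    let get = |suffix: &str| env(&format!("TOR_{kind}_{suffix}")).filter(|v| !v.is_empty());
    if let Some(path) = get("IPC_PATH") {
        return Ok(Some(Endpoint::Unix(PathBuf::from(path))));
    }
    match (get("HOST"), get("PORT")) {
        (Some(host), Some(port)) => port
            .parse::<u16>()
            .map(|p| Some(Endpoint::Tcp(host, p)))
            .map_err(|e| format!("TOR_{kind}_PORT={port:?}: {e}")),
        (None, None) => Ok(None),
        _ => Err(format!("TOR_{kind}_HOST and TOR_{kind}_PORT must be set together")),
    }
}

// Decide how to reach Tor; `on_whonix` is the result of the marker-file check.
fn plan(on_whonix: bool, env: Env) -> Result<TorPlan, String> {
    if on_whonix {
        return Ok(TorPlan::WhonixNoTor);
    }
    let control = endpoint("CONTROL", env)?;
    Ok(match endpoint("SOCKS", env)? {
        Some(socks) => TorPlan::System { socks, control },
        None => TorPlan::Bootstrap,
    })
}

fn main() {
    let on_whonix = Path::new("/usr/share/whonix/marker").exists();
    println!("{:?}", plan(on_whonix, &|k: &str| std::env::var(k).ok()));
}
```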
Detect if running on whonix accd'g to documentation by checking if /usr/share/whonix/marker exists
In that case, never initialise a Tor connection to avoid tunneling Tor over Tor, instead log
The settings GUI is adapted to
GUI, not whonix (baseline, not changed):

GUI, whonix, settings:

GUI, whonix, log:

asb, normal system:

asb, whonix (emulated):

swap, normal system & whonix (emulated):

(I cranked the "Bootstrapping Tor client" message verbosity so it showed.)
Bounty: https://bounties.monero.social/posts/180/0-789m-make-unstoppable-swap-whonix-friendly
Please advise on how to correctly exercise the bounty system.
Summary by CodeRabbit