Hi,
As I said to Matt and Georg during a meeting, I've had some major headaches with getting Moat to work in Tails, and even debugging it has been hard. To give you an idea of the latter, I couldn't get access to Tor Launcher's logs, so I had to ugly-patch it to always spam the full log into the clipboard just to get it some how.
For the former, the actual error I see is this prompt, right after clicking "Request a bridge...":
Unable to obtain a bridge from BridgeDB.
NS_ERROR_NET_INTERRUPT
I've attached the logs of Tor Launcher and obfs4proxy when this happens. To me it certainly seems like the problem is somewhere in their interaction.
Note that Tails runs Tor Launcher as a standalone XUL application (via `firefox --app`, using the executable from Tor Browser) and not a (system) extension as in Tor Browser. This might be responsible for the issues I'm having, but if so I have no idea why, or even how to approach debugging it.
Any ideas?
How to reproduce inside Tails =============================
If you feel adventurous and would like to try to reproduce this and investigate further, you can fetch an image built from the feature branch here:
https://nightly.tails.boum.org/build_Tails_ISO_feature-8243-meek/lastSuccess...
<Note> The Tails project is in the process of migrating from Redmine to GitLab, and as a result our Jenkins isn't building images for us. Therefore the last images available at the moment are built yesterday (2020-05-19) and lack a small fix I just pushed: enable obfs4proxy debug logging. You can enable the logging yourself by running the following as root:
. /usr/local/lib/tails-shell-library/tor.sh tor_control_setconf 'ClientTransportPlugin="obfs2,obfs3,obfs4,meek_lite exec /usr/local/lib/obfs4proxy/obfs4proxy -enableLogging=true -logLevel DEBUG managed"'
</Note>
Booting the .iso in a VM of you choice is probably the easiest approach.
If you want to look at the code of the feature branch, feature/8243-meek [0], you can do so here:
https://git.tails.boum.org/tails/log/?h=feature/8243-meek
or if you prefer to Git clone it:
git clone https://git-tails.immerda.ch/tails && \ cd tails && \ git checkout feature/8243-meek
The build script which installs Tor Browser and Tor Launcher is probably the most interesting bit for you (my guess is that you don't need to look at it, though):
https://git.tails.boum.org/tails/tree/config/chroot_local-hooks/10-tbb?h=fea...
Once you boot Tails and reach the Greeter you'll have to set two "Additional settings" by pressing the + button (in the GUI, not on the keyboard):
* An administrative password so we can run stuff as root * Enable Tor Launcher via: Network configuration → Configure a Tor bridge or local proxy
As soon as you have logged in and your network is up you need to run this as root:
/usr/local/lib/do_not_ever_run_me
which disables the firewall completely (I haven't bothered opening up properly for Moat yet). This command must be rerun if your network reconnects.
As you may notice Tor Launcher will start automatically once you log in and have a network connection, but if you want to run it again without having to reboot (very likely!) you can do so by running this as root:
tails-tor-launcher
Some other things that might be useful when debugging -----------------------------------------------------
The path to the obfs4proxy executable (copied straight from the Tor Browser bundle):
/usr/local/lib/obfs4proxy/obfs4proxy
We run Tor Launcher under a dedicated 'tor-launcher' user whose $HOME is:
/home/tor-launcher
The Tor Launcher's app profile is located in:
/home/tor-launcher/.tor-launcher/profile.default
The obfs4proxy log can be found in:
/home/tor-launcher/Tor/pt_state/obfs4proxy.log
And as I already mentioned, Tor Launcher is patched to dump its full debug log into the clipboard for each log event, so just paste into Gedit or whatever. I also recommend quitting Tor Launcher as soon as you have done this, as it otherwise will keep spamming your clipboard and probably mess things up for you. :)
Cheers!
[0] It's in the branch for Meek because when we had (successfully) implemented a PoC for it, it occurred to us that we need to provide Moat at the same time as an alternative. Details: https://lists.torproject.org/pipermail/tor-dev/2020-March/014189.html