March 2020 - tor-commits - lists.torproject.org

[tor/master] Move one voting schedule fn into networkstatus.c
by asn＠torproject.org 03 Mar '20

03 Mar '20

commit b7ba558f56da643857884761f6a52262c7aa51b8 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 24 10:04:01 2020 -0500 Move one voting schedule fn into networkstatus.c The 'voting_schdule_get_start_of_next_interval' function isn't actually dirauth-specific. --- src/feature/dirauth/voting_schedule.c | 45 ----------------------------------- src/feature/dirauth/voting_schedule.h | 3 --- src/feature/nodelist/networkstatus.c | 44 ++++++++++++++++++++++++++++++++++ src/feature/nodelist/networkstatus.h | 3 +++ src/test/test_voting_schedule.c | 2 +- 5 files changed, 48 insertions(+), 49 deletions(-) diff --git a/src/feature/dirauth/voting_schedule.c b/src/feature/dirauth/voting_schedule.c index 712addfa7..d797a9340 100644 --- a/src/feature/dirauth/voting_schedule.c +++ b/src/feature/dirauth/voting_schedule.c @@ -20,50 +20,6 @@ * Vote scheduling * ===== */ -/** Return the start of the next interval of size <b>interval</b> (in - * seconds) after <b>now</b>, plus <b>offset</b>. Midnight always - * starts a fresh interval, and if the last interval of a day would be - * truncated to less than half its size, it is rolled into the - * previous interval. */ -time_t -voting_schedule_get_start_of_next_interval(time_t now, int interval, - int offset) -{ - struct tm tm; - time_t midnight_today=0; - time_t midnight_tomorrow; - time_t next; - - tor_gmtime_r(&now, &tm); - tm.tm_hour = 0; - tm.tm_min = 0; - tm.tm_sec = 0; - - if (tor_timegm(&tm, &midnight_today) < 0) { - // LCOV_EXCL_START - log_warn(LD_BUG, "Ran into an invalid time when trying to find midnight."); - // LCOV_EXCL_STOP - } - midnight_tomorrow = midnight_today + (24*60*60); - - next = midnight_today + ((now-midnight_today)/interval + 1)*interval; - - /* Intervals never cross midnight. */ - if (next > midnight_tomorrow) - next = midnight_tomorrow; - - /* If the interval would only last half as long as it's supposed to, then - * skip over to the next day. */ - if (next + interval/2 > midnight_tomorrow) - next = midnight_tomorrow; - - next += offset; - if (next - interval > now) - next -= interval; - - return next; -} - /* Populate and return a new voting_schedule_t that can be used to schedule * voting. The object is allocated on the heap and it's the responsibility of * the caller to free it. Can't fail. */ @@ -190,4 +146,3 @@ voting_schedule_recalculate_timing(const or_options_t *options, time_t now) memcpy(&voting_schedule, new_voting_schedule, sizeof(voting_schedule)); voting_schedule_free(new_voting_schedule); } - diff --git a/src/feature/dirauth/voting_schedule.h b/src/feature/dirauth/voting_schedule.h index e4c621008..a3bb9cfd1 100644 --- a/src/feature/dirauth/voting_schedule.h +++ b/src/feature/dirauth/voting_schedule.h @@ -56,9 +56,6 @@ extern voting_schedule_t voting_schedule; void voting_schedule_recalculate_timing(const or_options_t *options, time_t now); -time_t voting_schedule_get_start_of_next_interval(time_t now, - int interval, - int offset); time_t voting_schedule_get_next_valid_after_time(void); #endif /* !defined(TOR_VOTING_SCHEDULE_H) */ diff --git a/src/feature/nodelist/networkstatus.c b/src/feature/nodelist/networkstatus.c index d7864fa38..6755de1a8 100644 --- a/src/feature/nodelist/networkstatus.c +++ b/src/feature/nodelist/networkstatus.c @@ -2765,3 +2765,47 @@ networkstatus_free_all(void) } } } + +/** Return the start of the next interval of size <b>interval</b> (in + * seconds) after <b>now</b>, plus <b>offset</b>. Midnight always + * starts a fresh interval, and if the last interval of a day would be + * truncated to less than half its size, it is rolled into the + * previous interval. */ +time_t +voting_schedule_get_start_of_next_interval(time_t now, int interval, + int offset) +{ + struct tm tm; + time_t midnight_today=0; + time_t midnight_tomorrow; + time_t next; + + tor_gmtime_r(&now, &tm); + tm.tm_hour = 0; + tm.tm_min = 0; + tm.tm_sec = 0; + + if (tor_timegm(&tm, &midnight_today) < 0) { + // LCOV_EXCL_START + log_warn(LD_BUG, "Ran into an invalid time when trying to find midnight."); + // LCOV_EXCL_STOP + } + midnight_tomorrow = midnight_today + (24*60*60); + + next = midnight_today + ((now-midnight_today)/interval + 1)*interval; + + /* Intervals never cross midnight. */ + if (next > midnight_tomorrow) + next = midnight_tomorrow; + + /* If the interval would only last half as long as it's supposed to, then + * skip over to the next day. */ + if (next + interval/2 > midnight_tomorrow) + next = midnight_tomorrow; + + next += offset; + if (next - interval > now) + next -= interval; + + return next; +} diff --git a/src/feature/nodelist/networkstatus.h b/src/feature/nodelist/networkstatus.h index 5e8c8a9e5..c376bdd37 100644 --- a/src/feature/nodelist/networkstatus.h +++ b/src/feature/nodelist/networkstatus.h @@ -153,6 +153,9 @@ void vote_routerstatus_free_(vote_routerstatus_t *rs); void set_routerstatus_from_routerinfo(routerstatus_t *rs, const node_t *node, const routerinfo_t *ri); +time_t voting_schedule_get_start_of_next_interval(time_t now, + int interval, + int offset); #ifdef NETWORKSTATUS_PRIVATE #ifdef TOR_UNIT_TESTS diff --git a/src/test/test_voting_schedule.c b/src/test/test_voting_schedule.c index 843965568..51e2b9b18 100644 --- a/src/test/test_voting_schedule.c +++ b/src/test/test_voting_schedule.c @@ -5,6 +5,7 @@ #include "core/or/or.h" #include "feature/dirauth/voting_schedule.h" +#include "feature/nodelist/networkstatus.h" #include "test/test.h" @@ -61,4 +62,3 @@ struct testcase_t voting_schedule_tests[] = { VS(interval_start, 0), END_OF_TESTCASES }; -

1 0

[tor/master] Stop using all dirauth-only options in shared_random_client.c
by asn＠torproject.org 03 Mar '20

03 Mar '20

commit 9fb18756df3f76545f8f591881a95e1e09e735a0 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 24 11:06:44 2020 -0500 Stop using all dirauth-only options in shared_random_client.c This is not as clean a patch as I would like: see the comment on ASSUME_AUTHORITY_SCHEDULING. This issue here is that the unit tests sometimes assume that we are going to be looking at the dirauth options and behaving like a dirauth, but without setting the options to turn is into one. This isn't an issue for actually running Tor, as far as I can tell with chutney. --- src/feature/dirauth/shared_random_state.c | 2 +- src/feature/dirauth/voting_schedule.c | 19 +++++++++ src/feature/dirauth/voting_schedule.h | 4 ++ src/feature/hs_common/shared_random_client.c | 58 ++++++++++++++-------------- src/feature/hs_common/shared_random_client.h | 2 - src/test/test_shared_random.c | 2 +- 6 files changed, 55 insertions(+), 32 deletions(-) diff --git a/src/feature/dirauth/shared_random_state.c b/src/feature/dirauth/shared_random_state.c index 305c2cc94..c15f8c993 100644 --- a/src/feature/dirauth/shared_random_state.c +++ b/src/feature/dirauth/shared_random_state.c @@ -139,7 +139,7 @@ get_state_valid_until_time(time_t now) voting_interval = get_voting_interval(); /* Find the time the current round started. */ - beginning_of_current_round = get_start_time_of_current_round(); + beginning_of_current_round = dirauth_sched_get_cur_valid_after_time(); /* Find how many rounds are left till the end of the protocol run */ current_round = (now / voting_interval) % total_rounds; diff --git a/src/feature/dirauth/voting_schedule.c b/src/feature/dirauth/voting_schedule.c index 5e076a0ef..ddb2c4bb0 100644 --- a/src/feature/dirauth/voting_schedule.c +++ b/src/feature/dirauth/voting_schedule.c @@ -51,6 +51,7 @@ create_voting_schedule(const or_options_t *options, time_t now, int severity) } tor_assert(interval > 0); + new_voting_schedule->interval = interval; if (vote_delay + dist_delay > interval/2) vote_delay = dist_delay = interval / 4; @@ -143,6 +144,24 @@ dirauth_sched_get_next_valid_after_time(void) return dirauth_get_voting_schedule()->interval_starts; } +/** + * Return our best idea of what the valid-after time for the _current_ + * consensus, whether we have one or not. + * + * Dirauth only. + **/ +time_t +dirauth_sched_get_cur_valid_after_time(void) +{ + const voting_schedule_t *sched = dirauth_get_voting_schedule(); + time_t next_start = sched->interval_starts; + int interval = sched->interval; + int offset = get_options()->TestingV3AuthVotingStartOffset; + return voting_sched_get_start_of_interval_after(next_start - interval - 1, + interval, + offset); +} + /** Return the voting interval that we are configured to use. * * Dirauth only. */ diff --git a/src/feature/dirauth/voting_schedule.h b/src/feature/dirauth/voting_schedule.h index b5dc811bf..5472719b2 100644 --- a/src/feature/dirauth/voting_schedule.h +++ b/src/feature/dirauth/voting_schedule.h @@ -26,6 +26,9 @@ typedef struct { /** When do we publish the consensus? */ time_t interval_starts; + /** Our computed dirauth interval */ + int interval; + /** True iff we have generated and distributed our vote. */ int have_voted; /** True iff we've requested missing votes. */ @@ -57,6 +60,7 @@ void dirauth_sched_recalculate_timing(const or_options_t *options, time_t now); time_t dirauth_sched_get_next_valid_after_time(void); +time_t dirauth_sched_get_cur_valid_after_time(void); int dirauth_sched_get_configured_interval(void); #endif /* !defined(TOR_VOTING_SCHEDULE_H) */ diff --git a/src/feature/hs_common/shared_random_client.c b/src/feature/hs_common/shared_random_client.c index b30d68fb4..6b291c934 100644 --- a/src/feature/hs_common/shared_random_client.c +++ b/src/feature/hs_common/shared_random_client.c @@ -11,6 +11,7 @@ #include "feature/hs_common/shared_random_client.h" #include "app/config/config.h" +#include "feature/dirauth/authmode.h" #include "feature/dirauth/voting_schedule.h" #include "feature/nodelist/networkstatus.h" #include "lib/encoding/binascii.h" @@ -31,6 +32,24 @@ srv_to_control_string(const sr_srv_t *srv) return srv_str; } +/** + * If we have no consensus and we are not an authority, assume that this is + * the voting interval. We should never actually use this: only authorities + * should be trying to figure out the schedule when they don't have a + * consensus. + **/ +#define DEFAULT_NETWORK_VOTING_INTERVAL (3600) + +/* This is an unpleasing workaround for tests. Our unit tests assume that we + * are scheduling all of our shared random stuff as if we were a directory + * authority, but they do not always set V3AuthoritativeDir. + */ +#ifdef TOR_UNIT_TESTS +#define ASSUME_AUTHORITY_SCHEDULING 1 +#else +#define ASSUME_AUTHORITY_SCHEDULING 0 +#endif + /** Return the voting interval of the tor vote subsystem. */ int get_voting_interval(void) @@ -40,39 +59,16 @@ get_voting_interval(void) if (consensus) { interval = (int)(consensus->fresh_until - consensus->valid_after); + } else if (authdir_mode(get_options()) || ASSUME_AUTHORITY_SCHEDULING) { + interval = dirauth_sched_get_configured_interval(); } else { - /* Same for both a testing and real network. We voluntarily ignore the - * InitialVotingInterval since it complexifies things and it doesn't - * affect the SR protocol. */ - interval = get_options()->V3AuthVotingInterval; + tor_assert_nonfatal_unreached_once(); + interval = DEFAULT_NETWORK_VOTING_INTERVAL; } tor_assert(interval > 0); return interval; } -/** Given the current consensus, return the start time of the current round of - * the SR protocol. For example, if it's 23:47:08, the current round thus - * started at 23:47:00 for a voting interval of 10 seconds. - * - * This function uses the consensus voting schedule to derive its results, - * instead of the actual consensus we are currently using, so it should be used - * for voting purposes. */ -time_t -get_start_time_of_current_round(void) -{ - const or_options_t *options = get_options(); - int voting_interval = get_voting_interval(); - /* First, get the start time of the next round */ - time_t next_start = dirauth_sched_get_next_valid_after_time(); - /* Now roll back next_start by a voting interval to find the start time of - the current round. */ - time_t curr_start = voting_sched_get_start_of_interval_after( - next_start - voting_interval - 1, - voting_interval, - options->TestingV3AuthVotingStartOffset); - return curr_start; -} - /* * Public API */ @@ -242,8 +238,14 @@ sr_state_get_start_time_of_current_protocol_run(void) networkstatus_t *ns = networkstatus_get_live_consensus(approx_time()); if (ns) { beginning_of_curr_round = ns->valid_after; + } else if (authdir_mode(get_options()) || ASSUME_AUTHORITY_SCHEDULING) { + beginning_of_curr_round = dirauth_sched_get_cur_valid_after_time(); } else { - beginning_of_curr_round = get_start_time_of_current_round(); + tor_assert_nonfatal_unreached_once(); + beginning_of_curr_round = voting_sched_get_start_of_interval_after( + approx_time() - voting_interval, + voting_interval, + 0); } /* Get current SR protocol round */ diff --git a/src/feature/hs_common/shared_random_client.h b/src/feature/hs_common/shared_random_client.h index 3031a2bb9..37a086d59 100644 --- a/src/feature/hs_common/shared_random_client.h +++ b/src/feature/hs_common/shared_random_client.h @@ -38,11 +38,9 @@ time_t sr_state_get_start_time_of_current_protocol_run(void); time_t sr_state_get_start_time_of_previous_protocol_run(void); unsigned int sr_state_get_phase_duration(void); unsigned int sr_state_get_protocol_run_duration(void); -time_t get_start_time_of_current_round(void); #ifdef TOR_UNIT_TESTS #endif /* TOR_UNIT_TESTS */ #endif /* !defined(TOR_SHARED_RANDOM_CLIENT_H) */ - diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c index 0e4328cb3..148eb5cf9 100644 --- a/src/test/test_shared_random.c +++ b/src/test/test_shared_random.c @@ -384,7 +384,7 @@ test_get_start_time_functions(void *arg) tt_assert(start_time_of_protocol_run); /* Check that the round start time of the beginning of the run, is itself */ - tt_int_op(get_start_time_of_current_round(), OP_EQ, + tt_int_op(dirauth_sched_get_cur_valid_after_time(), OP_EQ, start_time_of_protocol_run); done:

1 0

[tor/master] Make voting_schedule.h work correctly when dirauth-mode is disabled.
by asn＠torproject.org 03 Mar '20

03 Mar '20

commit 1b66b39699e31adb3f10717e5bd252f294f7636f Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 24 11:56:55 2020 -0500 Make voting_schedule.h work correctly when dirauth-mode is disabled. --- src/feature/dirauth/voting_schedule.h | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/src/feature/dirauth/voting_schedule.h b/src/feature/dirauth/voting_schedule.h index 5472719b2..9e2ac29c7 100644 --- a/src/feature/dirauth/voting_schedule.h +++ b/src/feature/dirauth/voting_schedule.h @@ -11,6 +11,8 @@ #include "core/or/or.h" +#ifdef HAVE_MODULE_DIRAUTH + /** Scheduling information for a voting interval. */ typedef struct { /** When do we generate and distribute our vote for this interval? */ @@ -63,4 +65,29 @@ time_t dirauth_sched_get_next_valid_after_time(void); time_t dirauth_sched_get_cur_valid_after_time(void); int dirauth_sched_get_configured_interval(void); +#else /* !defined(HAVE_MODULE_DIRAUTH) */ + +#define dirauth_sched_recalculate_timing(opt,now) \ + ((void)(opt), (void)(now)) + +static inline time_t +dirauth_sched_get_next_valid_after_time(void) +{ + tor_assert_unreached(); + return 0; +} +static inline time_t +dirauth_sched_get_cur_valid_after_time(void) +{ + tor_assert_unreached(); + return 0; +} +static inline int +dirauth_sched_get_configured_interval(void) +{ + tor_assert_unreached(); + return 1; +} +#endif /* defined(HAVE_MODULE_DIRAUTH) */ + #endif /* !defined(TOR_VOTING_SCHEDULE_H) */

1 0

[tor/master] Comment updates from review.
by asn＠torproject.org 03 Mar '20

03 Mar '20

commit 9a7b10e23fd7e3d1c7e0c8e14ffbea166ef3429a Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Feb 26 08:16:30 2020 -0500 Comment updates from review. --- src/feature/dirauth/voting_schedule.c | 5 ++--- src/feature/hs_common/shared_random_client.c | 6 ++++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/feature/dirauth/voting_schedule.c b/src/feature/dirauth/voting_schedule.c index ddb2c4bb0..efc4a0b31 100644 --- a/src/feature/dirauth/voting_schedule.c +++ b/src/feature/dirauth/voting_schedule.c @@ -3,9 +3,8 @@ /** * \file voting_schedule.c - * \brief This file contains functions that are from the directory authority - * subsystem related to voting specifically but used by many part of - * tor. The full feature is built as part of the dirauth module. + * \brief Compute information about our voting schedule as a directory + * authority. **/ #include "feature/dirauth/voting_schedule.h" diff --git a/src/feature/hs_common/shared_random_client.c b/src/feature/hs_common/shared_random_client.c index 6b291c934..ece6e101a 100644 --- a/src/feature/hs_common/shared_random_client.c +++ b/src/feature/hs_common/shared_random_client.c @@ -233,8 +233,10 @@ sr_state_get_start_time_of_current_protocol_run(void) time_t beginning_of_curr_round; /* This function is not used for voting purposes, so if we have a live - consensus, use its valid-after as the beginning of the current round, - otherwise resort to the voting schedule which should always exist. */ + consensus, use its valid-after as the beginning of the current round. + If we have no consensus but we're an authority, use our own + schedule. Otherwise, we have a bug somewhere, so we fall back to the + default voting interval. */ networkstatus_t *ns = networkstatus_get_live_consensus(approx_time()); if (ns) { beginning_of_curr_round = ns->valid_after;

1 0

[tor/master] changes file for 33436
by asn＠torproject.org 03 Mar '20

03 Mar '20

commit c705c8cf1bf12149543a83fa3bf40023e1385bb9 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Feb 24 12:29:47 2020 -0500 changes file for 33436 --- changes/ticket33436 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/changes/ticket33436 b/changes/ticket33436 new file mode 100644 index 000000000..69b5545c6 --- /dev/null +++ b/changes/ticket33436 @@ -0,0 +1,4 @@ + o Minor features (directory authority, shared random): + - Refactor more authority-only parts of the shared-random scheduling code + to reside in the dirauth module, and to be disabled when compiling with + --disable-module-dirauth. Closes ticket 33436.

1 0

[tor/master] Merge branch 'tor-github/pr/1763'
by asn＠torproject.org 03 Mar '20

03 Mar '20

commit edc0bf5089df13d1d6a246e67bddb484ac99ad59 Merge: 6472d9cfd a5bc08579 Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Mar 3 14:35:31 2020 +0200 Merge branch 'tor-github/pr/1763' changes/ticket33436 | 4 + src/feature/dirauth/dirauth_config.c | 4 +- src/feature/dirauth/dirvote.c | 8 +- src/feature/dirauth/include.am | 6 +- src/feature/dirauth/shared_random.c | 4 +- src/feature/dirauth/shared_random_state.c | 6 +- .../{dircommon => dirauth}/voting_schedule.c | 113 ++++++++++----------- .../{dircommon => dirauth}/voting_schedule.h | 39 ++++++- src/feature/dircommon/include.am | 6 +- src/feature/hs_common/shared_random_client.c | 82 +++++++++------ src/feature/hs_common/shared_random_client.h | 2 - src/feature/nodelist/networkstatus.c | 48 ++++++++- src/feature/nodelist/networkstatus.h | 3 + src/test/test_dir.c | 4 +- src/test/test_dir_common.c | 2 +- src/test/test_dir_handle_get.c | 16 +-- src/test/test_hs_common.c | 18 ++-- src/test/test_hs_service.c | 12 +-- src/test/test_shared_random.c | 26 ++--- src/test/test_voting_schedule.c | 6 +- 20 files changed, 251 insertions(+), 158 deletions(-)

1 0

[tor/master] shared_random: Improve fallback for client no-live-consensus case.
by asn＠torproject.org 03 Mar '20

03 Mar '20

commit a5bc08579ff67a06441478016025eb4f3fd879b0 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Feb 26 11:33:03 2020 -0500 shared_random: Improve fallback for client no-live-consensus case. In this case, when we're looking for the voting interval, we should try looking at the _latest_ consensus if we have one. When we're looking for the start of the current voting period, we can use our existing fallback logic without complaint, since the voting interval code will already have given us a reasonable voting interval, and we want to have a round starting time based on the current time. --- src/feature/hs_common/shared_random_client.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src/feature/hs_common/shared_random_client.c b/src/feature/hs_common/shared_random_client.c index ece6e101a..3f46321be 100644 --- a/src/feature/hs_common/shared_random_client.c +++ b/src/feature/hs_common/shared_random_client.c @@ -58,10 +58,20 @@ get_voting_interval(void) networkstatus_t *consensus = networkstatus_get_live_consensus(time(NULL)); if (consensus) { + /* Ideally we have a live consensus and we can just use that. */ interval = (int)(consensus->fresh_until - consensus->valid_after); } else if (authdir_mode(get_options()) || ASSUME_AUTHORITY_SCHEDULING) { + /* If we don't have a live consensus and we're an authority, + * we should believe our own view of what the schedule ought to be. */ interval = dirauth_sched_get_configured_interval(); + } else if ((consensus = networkstatus_get_latest_consensus())) { + /* If we're a client, then maybe a latest consensus is good enough? + * It's better than falling back to the non-consensus case. */ + interval = (int)(consensus->fresh_until - consensus->valid_after); } else { + /* We should never be reaching this point, since a client should never + * call this code unless they have some kind of a consensus. All we can + * do is hope that this network is using the default voting interval. */ tor_assert_nonfatal_unreached_once(); interval = DEFAULT_NETWORK_VOTING_INTERVAL; } @@ -235,15 +245,21 @@ sr_state_get_start_time_of_current_protocol_run(void) /* This function is not used for voting purposes, so if we have a live consensus, use its valid-after as the beginning of the current round. If we have no consensus but we're an authority, use our own - schedule. Otherwise, we have a bug somewhere, so we fall back to the - default voting interval. */ + schedule. Otherwise, try using our view of the voting interval + to figure out when the current round _should_ be starting. + */ networkstatus_t *ns = networkstatus_get_live_consensus(approx_time()); if (ns) { beginning_of_curr_round = ns->valid_after; } else if (authdir_mode(get_options()) || ASSUME_AUTHORITY_SCHEDULING) { beginning_of_curr_round = dirauth_sched_get_cur_valid_after_time(); } else { - tor_assert_nonfatal_unreached_once(); + /* voting_interval comes from get_voting_interval(), so if we're in + * this case as a client, we already tried to get the voting interval + * from the latest_consensus and gave a bug warning if we couldn't. + * + * We wouldn't want to look at the latest consensus's valid_after time, + * since that would be out of date. */ beginning_of_curr_round = voting_sched_get_start_of_interval_after( approx_time() - voting_interval, voting_interval,

1 0

[metrics-cloud/master] Import Ansible and CloudFormation templates for check
by irl＠torproject.org 03 Mar '20

03 Mar '20

commit 434238b858466709bf4de6f68ebcd4d84a75bfea Author: Iain R. Learmonth <irl(a)fsfe.org> Date: Tue Mar 3 10:29:12 2020 +0000 Import Ansible and CloudFormation templates for check --- ansible/exit-scanners-aws.yml | 3 +- ansible/exit-scanners.yml | 14 +++++ ansible/roles/check/tasks/main.yml | 63 ++++++++++++++++++++++ ansible/roles/exit-scanner-sys/tasks/main.yml | 25 +++++---- ansible/roles/exit-scanner/files/exitscan.py | 8 +-- .../roles/exit-scanner/files/exitscanner.service | 4 +- ansible/roles/exit-scanner/handlers/main.yml | 8 +++ ansible/roles/exit-scanner/tasks/main.yml | 29 +++++----- 8 files changed, 122 insertions(+), 32 deletions(-) diff --git a/ansible/exit-scanners-aws.yml b/ansible/exit-scanners-aws.yml index 72ce0c6..1d79d12 100644 --- a/ansible/exit-scanners-aws.yml +++ b/ansible/exit-scanners-aws.yml @@ -1,9 +1,8 @@ --- - hosts: exit-scanners user: admin - vars: - onionoo_version: 7.0-1.21.0 roles: - tor-client - exit-scanner-sys - exit-scanner + - check diff --git a/ansible/exit-scanners.yml b/ansible/exit-scanners.yml new file mode 100644 index 0000000..00519c5 --- /dev/null +++ b/ansible/exit-scanners.yml @@ -0,0 +1,14 @@ +--- +- hosts: exit-scanners + pre_tasks: + - name: get sudo password + local_action: shell pass Tor/sudo/check + register: pass_output + changed_when: False + when: ansible_user_id == "irl" + - name: store as ansible become password + set_fact: ansible_become_password="{{ pass_output.stdout_lines[0] }}" + when: ansible_user_id == "irl" + roles: + - exit-scanner + - check diff --git a/ansible/roles/check/tasks/main.yml b/ansible/roles/check/tasks/main.yml new file mode 100644 index 0000000..bb4d53b --- /dev/null +++ b/ansible/roles/check/tasks/main.yml @@ -0,0 +1,63 @@ +--- +- name: clone the sources + git: + repo: https://git.torproject.org/check.git + dest: /srv/check.torproject.org/check + become: true + become_user: check +- name: create a gopath directory + file: + path: /srv/check.torproject.org/go + state: directory + become: true + become_user: check +#- name: install the ipscan module +# copy: +# src: ipscan.py +# dest: /srv/tordnsel.torproject.org/exitscanner/exitmap/src/modules/ipscan.py +# mode: 0755 +# become: true +# become_user: tordnsel +- name: create systemd user directory for check + file: + path: /srv/check.torproject.org/.config/systemd/user + state: directory + become: true + become_user: check +- name: get sources for go gettext + shell: + cmd: go get github.com/samuel/go-gettext/gettext + become: true + become_user: check +- name: update translations + make: + chdir: /srv/check.torproject.org/check + target: i18n + become: true + become_user: check +- name: build + make: + chdir: /srv/check.torproject.org/check + target: build + become: true + become_user: check +#- name: install exit scanner service file +# copy: +# src: exitscanner.service +# dest: "/srv/tordnsel.torproject.org/.config/systemd/user/exitscanner.service" +# become: true +# become_user: tordnsel +#- name: reload systemd daemon +# systemd: +# scope: user +# daemon_reload: yes +# become: true +# become_user: tordnsel +#- name: enable and start exitscanner service +# systemd: +# scope: user +# name: exitscanner +# state: started +# enabled: yes +# become: yes +# become_user: tordnsel diff --git a/ansible/roles/exit-scanner-sys/tasks/main.yml b/ansible/roles/exit-scanner-sys/tasks/main.yml index 78916d8..19806ea 100644 --- a/ansible/roles/exit-scanner-sys/tasks/main.yml +++ b/ansible/roles/exit-scanner-sys/tasks/main.yml @@ -22,33 +22,32 @@ pkg: - git - python-dnspython + - curl + - gettext + - golang-go + - build-essential + - python-dateutil update_cache: yes become: yes - name: create check account user: name: check comment: "Check Service User" - #uid: 1547 + uid: 1507 state: present become: yes - name: create tordnsel account user: name: tordnsel comment: "Exit Scanner Service User" - #uid: 1547 + uid: 1532 state: present become: yes - name: create service directory file: - path: /srv/exitscanner.torproject.org + path: /srv/tordnsel.torproject.org state: directory become: yes -- name: link /home in /srv - file: - src: /home - dest: /srv/home - state: link - become: yes - name: link home directories /home file: src: "{{ item.src }}" @@ -56,12 +55,12 @@ state: link force: yes with_items: - - { src: /home/tordnsel, dest: /srv/exitscanner.torproject.org/home } - - { src: /home/check, dest: /srv/exitscanner.torproject.org/check-home } + - { src: /home/tordnsel, dest: /srv/tordnsel.torproject.org } + - { src: /home/check, dest: /srv/check.torproject.org } become: yes - name: create exit scanner runtime directory file: - path: /srv/exitscanner.torproject.org/exitscanner + path: /srv/tordnsel.torproject.org/exitscanner owner: tordnsel group: tordnsel mode: 0755 @@ -69,7 +68,7 @@ become: yes - name: create check runtime directory file: - path: /srv/exitscanner.torproject.org/check + path: /srv/tordnsel.torproject.org/check owner: check group: check mode: 0755 diff --git a/ansible/roles/exit-scanner/files/exitscan.py b/ansible/roles/exit-scanner/files/exitscan.py index 14c0b17..11e9e56 100644 --- a/ansible/roles/exit-scanner/files/exitscan.py +++ b/ansible/roles/exit-scanner/files/exitscan.py @@ -54,7 +54,7 @@ def run(): # Import new measurements with subprocess.Popen(["./bin/exitmap", "ipscan", "-o", "/dev/stdout"], - cwd="/srv/exitscanner.torproject.org/exitscanner/exitmap", + cwd="/srv/tordnsel.torproject.org/exitscanner/exitmap", stdout=subprocess.PIPE, encoding='utf-8') as p: for line in p.stdout: @@ -63,7 +63,6 @@ def run(): r"^([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3} modules\.ipscan \[INFO\] (\{.*\})$", line) if result: - print(result) check_result = json.loads(result.group(2)) desc = stem.descriptor.tordnsel.TorDNSEL("", False) desc.fingerprint = check_result["Fingerprint"] @@ -94,7 +93,10 @@ def run(): out.write(f"ExitAddress {a[0]} {a[1]}\n") # Provide the snapshot emulation - os.unlink("lists/latest") + try: + os.unlink("lists/latest") + except FileNotFoundError: + pass # ok maybe this is the first time we run os.symlink(os.path.abspath(f"lists/{filename}"), "lists/latest") if __name__ == "__main__": diff --git a/ansible/roles/exit-scanner/files/exitscanner.service b/ansible/roles/exit-scanner/files/exitscanner.service index 012d8b7..920a081 100644 --- a/ansible/roles/exit-scanner/files/exitscanner.service +++ b/ansible/roles/exit-scanner/files/exitscanner.service @@ -3,8 +3,8 @@ Description=Exit Scanner [Service] Type=simple -WorkingDirectory=/srv/exitscanner.torproject.org/exitscanner -ExecStart=/usr/bin/python3 /srv/exitscanner.torproject.org/exitscanner/exitscan.py +WorkingDirectory=/srv/tordnsel.torproject.org +ExecStart=/usr/bin/python3 /srv/tordnsel.torproject.org/exitscanner/exitscan.py [Install] WantedBy=default.target diff --git a/ansible/roles/exit-scanner/handlers/main.yml b/ansible/roles/exit-scanner/handlers/main.yml new file mode 100644 index 0000000..3fc7ea0 --- /dev/null +++ b/ansible/roles/exit-scanner/handlers/main.yml @@ -0,0 +1,8 @@ +- name: restart exit scanner + systemd: + scope: user + daemon_reload: true + name: exitscanner + state: restarted + become: yes + become_user: tordnsel diff --git a/ansible/roles/exit-scanner/tasks/main.yml b/ansible/roles/exit-scanner/tasks/main.yml index d80edb5..abbf865 100644 --- a/ansible/roles/exit-scanner/tasks/main.yml +++ b/ansible/roles/exit-scanner/tasks/main.yml @@ -1,53 +1,58 @@ --- +- name: create exit scanner application directory + file: + path: /srv/tordnsel.torproject.org/exitscanner + state: directory + become: true + become_user: tordnsel - name: clone the sources git: repo: https://github.com/NullHypothesis/exitmap.git - dest: /srv/exitscanner.torproject.org/exitscanner/exitmap + dest: /srv/tordnsel.torproject.org/exitscanner/exitmap become: true become_user: tordnsel + notify: restart exit scanner - name: install the ipscan module copy: src: ipscan.py - dest: /srv/exitscanner.torproject.org/exitscanner/exitmap/src/modules/ipscan.py + dest: /srv/tordnsel.torproject.org/exitscanner/exitmap/src/modules/ipscan.py mode: 0755 become: true become_user: tordnsel + notify: restart exit scanner - name: install the exit scanner script copy: src: exitscan.py - dest: /srv/exitscanner.torproject.org/exitscanner/exitscan.py + dest: /srv/tordnsel.torproject.org/exitscanner/exitscan.py mode: 0755 become: true become_user: tordnsel + notify: restart exit scanner - name: create systemd user directory for exitscanner file: - path: /srv/exitscanner.torproject.org/home/.config/systemd/user + path: /srv/tordnsel.torproject.org/.config/systemd/user state: directory become: true become_user: tordnsel - name: create exit lists directory file: - path: /srv/exitscanner.torproject.org/exitscanner/lists + path: /srv/tordnsel.torproject.org/lists state: directory become: true become_user: tordnsel - name: install exit scanner service file copy: src: exitscanner.service - dest: "/srv/exitscanner.torproject.org/home/.config/systemd/user/exitscanner.service" - become: true - become_user: tordnsel -- name: reload systemd daemon - systemd: - scope: user - daemon_reload: yes + dest: "/srv/tordnsel.torproject.org/.config/systemd/user/exitscanner.service" become: true become_user: tordnsel + notify: restart exit scanner - name: enable and start exitscanner service systemd: scope: user name: exitscanner state: started enabled: yes + daemon_reload: true become: yes become_user: tordnsel

1 0

[tor-browser/tor-browser-68.5.0esr-9.5-1] fixup! Bug 23247: Communicating security expectations for .onion
by boklm＠torproject.org 03 Mar '20

03 Mar '20

commit 03101bba2cf4a694deec0b7b040d8141f8c7cf20 Author: Richard Pospesel <richard(a)torproject.org> Date: Wed Feb 12 16:41:26 2020 -0600 fixup! Bug 23247: Communicating security expectations for .onion --- browser/base/content/browser-siteIdentity.js | 14 ++++++-------- .../shared/identity-block/identity-block.inc.css | 18 +++++++++--------- .../themes/shared/identity-block/onion-disabled.svg | 9 --------- browser/themes/shared/identity-block/onion-lock.svg | 9 --------- browser/themes/shared/identity-block/onion-slash.svg | 5 +++++ browser/themes/shared/identity-block/onion-warning.svg | 6 ++++++ browser/themes/shared/identity-block/onion.svg | 9 ++------- browser/themes/shared/jar.inc.mn | 4 ++-- 8 files changed, 30 insertions(+), 44 deletions(-) diff --git a/browser/base/content/browser-siteIdentity.js b/browser/base/content/browser-siteIdentity.js index 9da2e289b86d..32e939787fb7 100644 --- a/browser/base/content/browser-siteIdentity.js +++ b/browser/base/content/browser-siteIdentity.js @@ -682,12 +682,8 @@ var gIdentityHandler = { ); // _isSecure implicitly includes onion services, which may not have an SSL certificate } else if (this._uriHasHost && this._isSecure && this._secInfo != null) { - let uriIsOnionHost = this._uriIsOnionHost; - if (uriIsOnionHost) { - this._identityBox.className = this._secInfo.serverCert.isSelfSigned ? "onionSelfSigned" : "onionVerifiedDomain"; - } else { - this._identityBox.className = "verifiedDomain"; - } + const uriIsOnionHost = this._uriIsOnionHost; + this._identityBox.className = uriIsOnionHost ? "onionVerifiedDomain" : "verifiedDomain"; if (this._isMixedActiveContentBlocked) { this._identityBox.classList.add(uriIsOnionHost ? "onionMixedActiveBlocked" : "mixedActiveBlocked"); } @@ -708,7 +704,7 @@ var gIdentityHandler = { // For net errors we should not show notSecure as it's likely confusing this._identityBox.className = "unknownIdentity"; } else { - let uriIsOnionHost = this._uriIsOnionHost; + const uriIsOnionHost = this._uriIsOnionHost; if (this._isBroken) { this._identityBox.className = uriIsOnionHost ? "onionUnknownIdentity" : "unknownIdentity"; @@ -719,6 +715,7 @@ var gIdentityHandler = { } else if (this._isMixedPassiveContentLoaded) { this._identityBox.classList.add(uriIsOnionHost ? "onionMixedDisplayContent" : "mixedDisplayContent"); } else { + // TODO: ignore weak https cipher for onionsites? this._identityBox.classList.add("weakCipher"); } } else { @@ -749,7 +746,8 @@ var gIdentityHandler = { } if (this._isCertUserOverridden) { - this._identityBox.classList.add("certUserOverridden"); + const uriIsOnionHost = this._uriIsOnionHost; + this._identityBox.classList.add(uriIsOnionHost ? "onionCertUserOverridden" : "certUserOverridden"); // Cert is trusted because of a security exception, verifier is a special string. tooltip = gNavigatorBundle.getString( "identity.identified.verified_by_you" diff --git a/browser/themes/shared/identity-block/identity-block.inc.css b/browser/themes/shared/identity-block/identity-block.inc.css index e1911fd47305..b96f10d3754b 100644 --- a/browser/themes/shared/identity-block/identity-block.inc.css +++ b/browser/themes/shared/identity-block/identity-block.inc.css @@ -300,22 +300,22 @@ toolbar[brighttext] #urlbar[pageproxystate="valid"] > #identity-box.chromeUI > # } #urlbar[pageproxystate="valid"] > #identity-box.onionUnknownIdentity > #connection-icon, -#urlbar[pageproxystate="valid"] > #identity-box.onionSelfSigned > #connection-icon { - list-style-image: url(chrome://browser/skin/onion.svg); - visibility: visible; -} - #urlbar[pageproxystate="valid"] > #identity-box.onionVerifiedDomain > #connection-icon, #urlbar[pageproxystate="valid"] > #identity-box.onionVerifiedIdentity > #connection-icon, #urlbar[pageproxystate="valid"] > #identity-box.onionMixedActiveBlocked > #connection-icon { - list-style-image: url(chrome://browser/skin/onion-lock.svg); + list-style-image: url(chrome://browser/skin/onion.svg); visibility: visible; } -#urlbar[pageproxystate="valid"] > #identity-box.onionMixedActiveContent > #connection-icon, +#urlbar[pageproxystate="valid"] > #identity-box.onionMixedDisplayContent > #connection-icon, #urlbar[pageproxystate="valid"] > #identity-box.onionMixedDisplayContentLoadedActiveBlocked > #connection-icon, -#urlbar[pageproxystate="valid"] > #identity-box.onionMixedDisplayContent > #connection-icon { - list-style-image: url(chrome://browser/skin/onion-disabled.svg); +#urlbar[pageproxystate="valid"] > #identity-box.onionCertUserOverridden > #connection-icon { + list-style-image: url(chrome://browser/skin/onion-warning.svg); + visibility: visible; +} + +#urlbar[pageproxystate="valid"] > #identity-box.onionMixedActiveContent > #connection-icon { + list-style-image: url(chrome://browser/skin/onion-slash.svg); visibility: visible; } diff --git a/browser/themes/shared/identity-block/onion-disabled.svg b/browser/themes/shared/identity-block/onion-disabled.svg deleted file mode 100644 index f5b20a87a923..000000000000 --- a/browser/themes/shared/identity-block/onion-disabled.svg +++ /dev/null @@ -1,9 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> - <title>onion-disabled</title> - <defs></defs> - <g id="onion-disabled" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"> - <path d="M3.55670557,13.5290809 C2.58943965,12.7067569 2,11.5773827 2,10.2383803 C2,8.40140797 3.11044937,6.84614642 4.80245393,5.95790561 C4.86922061,5.92314081 4.937062,5.88953483 5.00557508,5.85697179 C5.34048317,5.68140952 5.95495153,5.31464081 6.18735866,4.8796172 C6.261514,4.74090562 6.26057363,4.55305979 6.20885297,4.4070476 C6.11172559,4.13310092 5.57517408,3.53792744 5.57517408,3.53792744 L6.39988357,3 L7.47070238,3.38224206 C7.23186151,2.5028722 6.97233174,1.62308364 8.87366696,4.4408921e-16 L8.87366696,0.000113687544 C8.14572562,0.965320936 8.77600936,1.33867083 8.69392696,2.02329722 C9.36752565,0.933374736 10.7903253,0.789787368 11.8884333,0.334923505 C10.6431583,1.59850841 9.72300609,3.05795044 8.87524898,3.88361241 L9.6358507,4.15511863 C9.6358507,4.15511863 9.27501511,4.42489353 9.52743882,4.95911272 C9.65035936,5.21926936 9.85710767,5.38741514 10.0560643,5.49588134 C10.2394376,5.55069385 10.4187806,5.61269109 10.5936905,5.68164129 C10.7858529,5.7574053 10.972 3418,5.84145128 11.1524919,5.93329454 L3.55670557,13.5290809 Z M5.3590214,14.5551922 L12.7674177,7.1467959 C13.5406039,7.99044704 14,9.05632625 14,10.2383803 C14,13.0968586 11.3137496,15 8,15 C7.05229776,15 6.15591919,14.8443406 5.3590214,14.5551922 Z" id="Combined-Shape" fill="#4A4A4A" fill-rule="nonzero"></path> - <path d="M13.7928932,1.29289322 C14.1834175,0.902368927 14.8165825,0.902368927 15.2071068,1.29289322 C15.5976311,1.68341751 15.5976311,2.31658249 15.2071068,2.70710678 L2.70710678,15.2071068 C2.31658249,15.5976311 1.68341751,15.5976311 1.29289322,15.2071068 C0.902368927,14.8165825 0.902368927,14.1834175 1.29289322,13.7928932 L13.7928932,1.29289322 Z" id="Line-2" fill="#D92D21" fill-rule="nonzero"></path> - </g> -</svg> diff --git a/browser/themes/shared/identity-block/onion-lock.svg b/browser/themes/shared/identity-block/onion-lock.svg deleted file mode 100644 index c88247eb19d7..000000000000 --- a/browser/themes/shared/identity-block/onion-lock.svg +++ /dev/null @@ -1,9 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> - <title>onion+lock</title> - <defs></defs> - <g id="onion+lock" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"> - <path d="M6.12228848,14.9544711 C3.22461281,14.6498012 1,12.8396709 1,10.2383803 C1,8.40140797 2.11044937,6.84614642 3.80245393,5.95790561 C3.86922061,5.92314081 3.937062,5.88953483 4.00557508,5.85697179 C4.34048317,5.68140952 4.95495153,5.31464081 5.18735866,4.8796172 C5.261514,4.74090562 5.26057363,4.55305979 5.20885297,4.4070476 C5.11172559,4.13310092 4.57517408,3.53792744 4.57517408,3.53792744 L5.39988357,3 L6.47070238,3.38224206 C6.23186151,2.5028722 5.97233174,1.62308364 7.87366696,0 L7.87366696,0.000113687544 C7.14572562,0.965320936 7.77600936,1.33867083 7.69392696,2.02329722 C8.36752565,0.933374736 9.79032527,0.789787368 10.8884333,0.334923505 C9.64315826,1.59850841 8.72300609,3.05795044 7.87524898,3.88361241 L8.6358507,4.15511863 C8.6358507,4.15511863 8.27501511,4.42489353 8.52743882,4.95911272 C8.56957789,5.04829846 8.6215686,5.12667085 8.67971976,5.19553247 C7.54569301,5.94640706 6.80000003,7.23368269 6.80000003,8.70000013 L6.80000003,8.80234816 C6.31732959,9.1249 1448 6,9.67479474 6,10.3000002 L6,14.3000003 C6,14.530995 6.04331804,14.7517071 6.12228848,14.9544711 Z" id="Combined-Shape" fill="#589A0F" fill-rule="nonzero"></path> - <path d="M11.0000002,5.5 C9.22720009,5.5 7.80000003,6.92720006 7.80000003,8.70000013 L7.80000003,9.50000016 C7.35680001,9.50000016 7,9.85680017 7,10.3000002 L7,14.3000003 C7,14.7432004 7.35680001,15.1000004 7.80000003,15.1000004 L14.2000003,15.1000004 C14.6432003,15.1000004 15.0000003,14.7432004 15.0000003,14.3000003 L15.0000003,10.3000002 C15.0000003,9.85680017 14.6432003,9.50000016 14.2000003,9.50000016 L14.2000003,8.70000013 C14.2000003,6.92720006 12.7728002,5.5 11.0000002,5.5 Z M11.0000002,7.10000006 C11.8864002,7.10000006 12.6000002,7.81360009 12.6000002,8.70000013 L12.6000002,9.50000016 L9.4000001,9.50000016 L9.4000001,8.70000013 C9.4000001,7.81360009 10.1136001,7.10000006 11.0000002,7.10000006 Z" id="Shape" fill="#589A0F" fill-rule="nonzero"></path> - </g> -</svg> diff --git a/browser/themes/shared/identity-block/onion-slash.svg b/browser/themes/shared/identity-block/onion-slash.svg new file mode 100644 index 000000000000..e7c98b769482 --- /dev/null +++ b/browser/themes/shared/identity-block/onion-slash.svg @@ -0,0 +1,5 @@ +<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"> + <path d="M3.409559 13.112147C3.409559 13.112147 8.200807 8.103115 8.200807 8.103115C8.200807 8.103115 8.200807 6.516403 8.200807 6.516403C8.620819 6.516403 9.009719 6.703075 9.274171 6.998639C9.274171 6.998639 10.160863 6.080835 10.160863 6.080835C9.663071 5.567487 8.978607 5.256367 8.200807 5.256367C8.200807 5.256367 8.200807 4.400787 8.200807 4.400787C9.196391 4.400787 10.098639 4.805243 10.736435 5.458595C10.736435 5.458595 11.623127 4.540791 11.623127 4.540791C10.751991 3.669655 9.538623 3.125195 8.200807 3.125195C8.200807 3.125195 8.200807 2.269615 8.200807 2.269615C9.756407 2.269615 11.172003 2.907411 12.214255 3.918551C12.214255 3.918551 13.100947 3.000747 13.100947 3.000747C11.825355 1.756267 10.098639 0.994023 8.185251 0.994023C4.311807 0.994023 1.185051 4.120779 1.185051 7.994223C1.185051 10.016503 2.040631 11.836555 3.409559 13.112147C3.409559 13.112147 3.409559 13.112147 3.409559 13.112147" fill-opacity="context-fill-opacity" fill="context-fill" /> + <path d="M14.205423 4.416343C14.205423 4.416343 13.287619 5.380815 13.287619 5.380815C13.692075 6.158615 13.909859 7.045307 13.909859 7.994223C13.909859 11.152091 11.358675 13.718831 8.200807 13.718831C8.200807 13.718831 8.200807 12.863251 8.200807 12.863251C10.891995 12.863251 13.069835 10.669855 13.069835 7.978667C13.069835 7.278647 12.929831 6.625295 12.665379 6.018611C12.665379 6.018611 11.685351 7.045307 11.685351 7.045307C11.763131 7.340871 11.809799 7.651991 11.809799 7.963111C11.809799 9.954279 10.207531 11.556547 8.216363 11.572103C8.216363 11.572103 8.216363 10.716523 8.216363 10.716523C9.725295 10.700967 10.954219 9.472043 10.954219 7.963111C10.954219 7.916443 10.954219 7.854219 10.954219 7.807551C10.954219 7.807551 4.887379 14.169955 4.887379 14.169955C5.867407 14.698859 6.987439 14.994423 8.185251 14.994423C12.058695 14.994423 15.185451 11.867667 15.185451 7.994223C15.185451 6.687519 14.827663 5.474151 14.205423 4.416343C14.205423 4.416343 14.205423 4.416343 14.205423 4.416343" fill-opacity="context-fill-opacity" fill="context-fill" /> + <path d="M1.791735 15.461103C1.402835 15.461103 1.045047 15.212207 0.889487 14.838863C0.733927 14.465519 0.827267 14.014395 1.107271 13.734387C1.107271 13.734387 13.458735 0.822907 13.458735 0.822907C13.847635 0.434007 14.454319 0.449563 14.827663 0.838467C15.201007 1.227367 15.216563 1.865163 14.843223 2.269619C14.843223 2.269619 2.491759 15.181099 2.491759 15.181099C2.289531 15.352215 2.040635 15.461107 1.791739 15.461107C1.791739 15.461107 1.791735 15.461103 1.791735 15.461103" fill="#ff0039" /> +</svg> diff --git a/browser/themes/shared/identity-block/onion-warning.svg b/browser/themes/shared/identity-block/onion-warning.svg new file mode 100644 index 000000000000..d42a7dab7246 --- /dev/null +++ b/browser/themes/shared/identity-block/onion-warning.svg @@ -0,0 +1,6 @@ +<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"> + <path d="M15.8630401732 14.127C15.8630401732 14.127 12.6649598146 7.716 12.6649598146 7.716C12.4469357756 7.279935 12.0003277145 7.0043454 11.5116853046 7.0043454C11.0230428947 7.0043454 10.5764348336 7.279935 10.3584107946 7.716C10.3584107946 7.716 7.1573218938 14.127 7.1573218938 14.127C6.95646770542 14.527294 6.97733695982 15.002669 7.21250176686 15.38393C7.4476665739 15.765191 7.86372750208 15.998191 8.3126020986 16.0C8.3126020986 16.0 14.7077599684 16.0 14.7077599684 16.0C15.1566344646 15.9982 15.572695794 15.765191 15.8078605007 15.38393C16.0430252075 15.002669 16.0638944619 14.527294 15.8630371647 14.127C15.8630371647 14.127 15.8630401732 14.127 15.8630401732 14.127" fill="#ffbf00" /> + <path d="M11.5106824572 8.0C11.6210488221 7.99691 11.7223975832 8.060469 11.7674113916 8.161C11.7674113916 8.161 14.9644889028 14.573 14.9644889028 14.573C15.0126456349 14.66534 15.0076715118 14.776305 14.9514518866 14.864C14.9011992034 14.95041 14.8079143382 15.002854 14.7077599684 15.001048C14.7077599684 15.001048 8.3126020986 15.001048 8.3126020986 15.001048C8.2124480296 15.002854 8.1191607576 14.950409 8.0689101804 14.864C8.0124814615 14.77637 8.0075053327 14.665298 8.0558731642 14.573C8.0558731642 14.573 11.2529506754 8.161 11.2529506754 8.161C11.2981038796 8.0601247 11.3999560701 7.9964997 11.5106824572 8.0M11.5106824572 6.9999751C11.0194557096 6.9969427 10.5701148893 7.2754275 10.3554022524 7.716C10.3554022524 7.716 7.1573218938 14.127 7.1573218938 14.127C6.95646770542 14.527294 6.97733695982 15.002669 7.21250176686 15.38393C7.4476665739 15.765191 7.86372750208 15.998191 8.3126020986 16.0C8.3126020986 16.0 14.7077599684 16.0 14.7077599684 16.0C15.1566344646 15.9982 15.57269 5794 15.765191 15.8078605007 15.38393C16.0430252075 15.002669 16.0638944619 14.527294 15.8630371647 14.127C15.8630371647 14.127 12.6649598146 7.716 12.6649598146 7.716C12.4504036219 7.2757546 12.0015481798 6.9973287 11.5106824572 6.9999751C11.5106824572 6.9999751 11.5106824572 6.9999751 11.5106824572 6.9999751" opacity="0.35" fill="#d76e00" /> + <path d="M11.5327451 12.0C11.8096733867 12.0 12.0341688 11.776142 12.0341688 11.5C12.0341688 11.5 12.0341688 9.5 12.0341688 9.5C12.0341688 9.2238576 11.8096733867 9.0 11.5327451 9.0C11.2558168133 9.0 11.0313214 9.2238576 11.0313214 9.5C11.0313214 9.5 11.0313214 11.5 11.0313214 11.5C11.0313214 11.776142 11.2558168133 12.0 11.5327451 12.0C11.5327451 12.0 11.5327451 12.0 11.5327451 12.0M11.5327451 12.809C11.1500294496 12.809 10.8397775466 13.118371 10.8397775466 13.5C10.8397775466 13.881629 11.1500294496 14.191 11.5327451 14.191C11.9154607504 14.191 12.2257126534 13.881629 12.2257126534 13.5C12.2257126534 13.118371 11.9154607504 12.809 11.5327451 12.809C11.5327451 12.809 11.5327451 12.809 11.5327451 12.809" fill="#ffffff" /> + <path d="M7.08030321348 6.552C7.90163523408 6.56 8.5645173655 7.225 8.5645173655 8.046C8.5645173655 8.866 7.90163523408 9.532 7.08030321348 9.54C7.08030321348 9.54 7.08030321348 6.552 7.08030321348 6.552M6.30610502068 13.756C6.30610502068 13.756 9.4991711423 7.353 9.4991711423 7.353C9.5453021227 7.259 9.6144985933 7.184 9.6716608951 7.098C9.2845617987 6.039 8.2756973143 5.277 7.08030321348 5.271C7.08030321348 5.271 7.08030321348 4.417 7.08030321348 4.417C8.5043465215 4.423 9.7238089599 5.251 10.3164917733 6.443C10.6795225321 6.21 11.1067355245 6.074 11.5519997701 6.074C11.5519997701 6.074 11.5620282441 6.074 11.5620282441 6.074C11.5620282441 6.074 11.5640339389 6.074 11.5640339389 6.074C11.5660396337 6.074 11.5690481759 6.075 11.5710538707 6.075C10.8108955415 4.35 9.0900094031 3.141 7.08030321348 3.135C7.08030321348 3.135 7.08030321348 2.281 7.08030321348 2.281C9.6716608951 2.288 11.8618796167 3.993 12.5889439817 6.34C13.0231769059 6.561 13.3922247491 6.9 13.6088397875 7.344C13.60 88397875 7.344 14.1162805719 8.361 14.1162805719 8.361C14.1202919615 8.256 14.1313232829 8.152 14.1313232829 8.046C14.1313232829 4.155 10.9683425833 1.0 7.06626334988 1.0C3.16318126908 1.0 0.00020056948 4.155 0.00020056948 8.046C0.00020056948 11.603 2.64571201068 14.536 6.08046435568 15.015C6.03633907008 14.595 6.10252699848 14.16 6.30610502068 13.756C6.30610502068 13.756 6.30610502068 13.756 6.30610502068 13.756" fill-opacity="context-fill-opacity" fill="context-fill" /> +</svg> diff --git a/browser/themes/shared/identity-block/onion.svg b/browser/themes/shared/identity-block/onion.svg index e102f41c5991..b123a9786acc 100644 --- a/browser/themes/shared/identity-block/onion.svg +++ b/browser/themes/shared/identity-block/onion.svg @@ -1,8 +1,3 @@ -<?xml version="1.0" encoding="UTF-8"?> -<svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> - <title>onion</title> - <defs></defs> - <g id="onion" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"> - <path d="M7.47070238,3.38224206 C7.23186151,2.5028722 6.97233174,1.62308364 8.87366696,4.4408921e-16 L8.87366696,0.000113687544 C8.14572562,0.965320936 8.77600936,1.33867083 8.69392696,2.02329722 C9.36752565,0.933374736 10.7903253,0.789787368 11.8884333,0.334923505 C10.6431583,1.59850841 9.72300609,3.05795044 8.87524898,3.88361241 L9.6358507,4.15511863 C9.6358507,4.15511863 9.27501511,4.42489353 9.52743882,4.95911272 C9.65035936,5.21926936 9.85710767,5.38741514 10.0560643,5.49588134 C10.2394376,5.55069385 10.4187806,5.61269109 10.5936905,5.68164129 C12.6087813,6.47613299 14,8.18134675 14,10.2383803 C14,13.0968586 11.3137496,15 8,15 C4.68625036,15 2,13.0968586 2,10.2383803 C2,8.40140797 3.11044937,6.84614642 4.80245393,5.95790561 C4.86922061,5.92314081 4.937062,5.88953483 5.00557508,5.85697179 C5.34048317,5.68140952 5.95495153,5.31464081 6.18735866,4.8796172 C6.261514,4.74090562 6.26057363,4.55305979 6.20885297,4.4070476 C6.11172559,4.13310092 5.57517408,3.53792744 5.57517408 ,3.53792744 L6.39988357,3 L7.47070238,3.38224206 Z" id="Combined-Shape" fill="#589A0F" fill-rule="nonzero"></path> - </g> +<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"> + <path d="M8.01435945 13.726867125C8.01435945 13.726867125 8.01435945 12.87830525 8.01435945 12.87830525C10.70227825 12.87051775 12.87869375 10.689666 12.87869375 7.9998060125C12.87869375 5.310140275 10.70227825 3.1292621 8.01435945 3.121500325C8.01435945 3.121500325 8.01435945 2.272938975 8.01435945 2.272938975C11.170899375 2.280892725 13.727061375 4.8415202875 13.727061375 7.9998060125C13.727061375 11.158285375 11.170899375 13.719105 8.01435945 13.726867125C8.01435945 13.726867125 8.01435945 13.726867125 8.01435945 13.726867125M8.01435945 10.756805625C9.5304373 10.74884925 10.75758175 9.5180185125 10.75758175 7.9998060125C10.75758175 6.4817875 9.5304373 5.2509564125 8.01435945 5.2430005625C8.01435945 5.2430005625 8.01435945 4.3946332875 8.01435945 4.3946332875C9.999251625 4.4023945375 11.60614275 6.013167425 11.60614275 7.9998060125C11.60614275 9.986639375 9.999251625 11.597411125 8.01435945 11.605172375C8.01435945 11.605172375 8.01435945 10.756805625 8.01435945 10.756805625M8.01 435945 6.5157454625C8.8276046625 6.5235067125 9.484837025 7.184620575 9.484837025 7.9998060125C9.484837025 8.815185875 8.8276046625 9.4762985125 8.01435945 9.4840608125C8.01435945 9.4840608125 8.01435945 6.5157454625 8.01435945 6.5157454625M1.0 7.9998060125C1.0 11.8659705 4.1338360375 15.0 8.0000000875 15.0C11.8659705 15.0 15.0 11.8659705 15.0 7.9998060125C15.0 4.1338360375 11.8659705 1.0 8.0000000875 1.0C4.1338360375 1.0 1.0 4.1338360375 1.0 7.9998060125C1.0 7.9998060125 1.0 7.9998060125 1.0 7.9998060125" fill-rule="even-odd" fill-opacity="context-fill-opacity" fill="context-fill" /> </svg> diff --git a/browser/themes/shared/jar.inc.mn b/browser/themes/shared/jar.inc.mn index 680893a66140..1d0f9a455ad0 100644 --- a/browser/themes/shared/jar.inc.mn +++ b/browser/themes/shared/jar.inc.mn @@ -59,8 +59,8 @@ skin/classic/browser/connection-mixed-passive-loaded.svg (../shared/identity-block/connection-mixed-passive-loaded.svg) skin/classic/browser/connection-mixed-active-loaded.svg (../shared/identity-block/connection-mixed-active-loaded.svg) skin/classic/browser/onion.svg (../shared/identity-block/onion.svg) - skin/classic/browser/onion-lock.svg (../shared/identity-block/onion-lock.svg) - skin/classic/browser/onion-disabled.svg (../shared/identity-block/onion-disabled.svg) + skin/classic/browser/onion-slash.svg (../shared/identity-block/onion-slash.svg) + skin/classic/browser/onion-warning.svg (../shared/identity-block/onion-warning.svg) skin/classic/browser/identity-icon.svg (../shared/identity-block/identity-icon.svg) skin/classic/browser/identity-icon-notice.svg (../shared/identity-block/identity-icon-notice.svg) skin/classic/browser/info.svg (../shared/info.svg)

1 0

[translation/donatepages-messagespot] https://gitweb.torproject.org/translation.git/commit/?h=donatepages-messagespot
by translation＠torproject.org 03 Mar '20

03 Mar '20

commit b544b889f2b113a0f7e80248fb19133347fadde2 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Mar 3 10:15:39 2020 +0000 https://gitweb.torproject.org/translation.git/commit/?h=donatepages-message… --- locale/zh_CN/LC_MESSAGES/messages.po | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/locale/zh_CN/LC_MESSAGES/messages.po b/locale/zh_CN/LC_MESSAGES/messages.po index dff5e460c4..06ec12278d 100644 --- a/locale/zh_CN/LC_MESSAGES/messages.po +++ b/locale/zh_CN/LC_MESSAGES/messages.po @@ -940,10 +940,12 @@ msgid "" "Get this year's Take Back the Internet With Tor t-shirt and the Tor: " "Strength in Numbers t-shirt." msgstr "" +"获得我们今年的“Take Back the Internet With Tor（与Tor一起为网络自由而奋斗）”T恤和”the Tor: " +"Strength in Numbers（Tor：让我们一起努力）”T恤。" #: tmp/cache_locale/af/af919ed4d7946ee7ed7d71a5580f4c75c5fb2b9374dd8d99d3a0671f71654f60.php:294 msgid "how do you want to <span class=\"lime\">DONATE</span>?" -msgstr "" +msgstr "您准备如何捐款？" #: tmp/cache_locale/af/af919ed4d7946ee7ed7d71a5580f4c75c5fb2b9374dd8d99d3a0671f71654f60.php:456 msgid "State/Province/Region" @@ -1188,7 +1190,7 @@ msgid "" "creating and deploying free and open anonymity and privacy technologies, " "supporting their unrestricted availability and use, and furthering their " "scientific and popular understanding." -msgstr "" +msgstr "Tor项目的宗旨是通过创造免费且对外开放的匿名与隐私保护技术，保障每一个人的便捷使用和传递Tor的科学思想与价值理念，来维护人权和自由。" #: tmp/cache_locale/7d/7d56367a61f987367eeb2a89d0c6db83fd0801cce86278bf7e99ed39b5b46254.php:155 msgid "" @@ -1518,7 +1520,7 @@ msgstr "Tor Project 每年花费多少钱，用在了哪里？" #: tmp/cache_locale/7d/7d56367a61f987367eeb2a89d0c6db83fd0801cce86278bf7e99ed39b5b46254.php:311 msgid "The Tor Project spends about $5 million annually." -msgstr "" +msgstr "Tor项目（the Tor Project）每年花费约500，0000美元。" #: tmp/cache_locale/7d/7d56367a61f987367eeb2a89d0c6db83fd0801cce86278bf7e99ed39b5b46254.php:313 #: tmp/cache_locale/0e/0e65c68f2900f432bc062864e7bafc989d6286e272f5e98882a99f52ea4c5c89.php:230 @@ -1765,7 +1767,7 @@ msgstr "对于使用 Paypal 的用户：有些人用 Tor 浏览器登录 Paypal msgid "" "Some users experience issues because PayPal limits the number of times an IP" " address can be used in a certain period of time." -msgstr "" +msgstr "有一些用户遇到了故障，这是因为PayPal限制了某一IP地址在一段特定时间内可以被使用的次数。" #: tmp/cache_locale/7d/7d56367a61f987367eeb2a89d0c6db83fd0801cce86278bf7e99ed39b5b46254.php:447 msgid "This is to prevent fraud from card testers." @@ -1773,7 +1775,7 @@ msgstr "" #: tmp/cache_locale/7d/7d56367a61f987367eeb2a89d0c6db83fd0801cce86278bf7e99ed39b5b46254.php:449 msgid "If you run into an issue, please try again." -msgstr "" +msgstr "如果您遇到了一些故障，请再次尝试。" #: tmp/cache_locale/7d/7d56367a61f987367eeb2a89d0c6db83fd0801cce86278bf7e99ed39b5b46254.php:451 msgid "" @@ -1845,7 +1847,7 @@ msgstr "那有最高捐款额吗？" #: tmp/cache_locale/7d/7d56367a61f987367eeb2a89d0c6db83fd0801cce86278bf7e99ed39b5b46254.php:497 msgid "Nope." -msgstr "" +msgstr "不。" #: tmp/cache_locale/7d/7d56367a61f987367eeb2a89d0c6db83fd0801cce86278bf7e99ed39b5b46254.php:499 msgid "" @@ -1853,6 +1855,7 @@ msgid "" " hire a person to monitor the Tor network full time, or research, test, and " "implement ideas we have for making the Tor network even stronger." msgstr "" +"更多来自您的资金支持意味着我们可以完成更多振奋人心的事业，比如雇佣员工来时刻监控检查Tor网络，或者研究、试验和实施一些让Tor网络更加稳固强大的方法。" #: tmp/cache_locale/7d/7d56367a61f987367eeb2a89d0c6db83fd0801cce86278bf7e99ed39b5b46254.php:505 #: tmp/cache_locale/0e/0e65c68f2900f432bc062864e7bafc989d6286e272f5e98882a99f52ea4c5c89.php:370 @@ -1880,7 +1883,7 @@ msgstr "你也可以买礼品卡，寄给我们。" msgid "" "There are probably other ways to donate anonymously that we haven't thought " "of -- maybe you will." -msgstr "" +msgstr "也许还存在一些我们没有想到的匿名捐助方式——也许您会想到。" #: tmp/cache_locale/7d/7d56367a61f987367eeb2a89d0c6db83fd0801cce86278bf7e99ed39b5b46254.php:521 #: tmp/cache_locale/0e/0e65c68f2900f432bc062864e7bafc989d6286e272f5e98882a99f52ea4c5c89.php:474

1 0