Whonix's help_check_tor_bootstrap.py

Hi adrelanos, I just noticed that Whonix uses Stem. That's great! Just a few quick thoughts...

https://github.com/Whonix/Whonix/blob/master/whonix_shared/usr/lib/whonixche...

    with Controller.from_port(port = p) as controller:
      if os.path.exists("/usr/share/whonix/whonix_gateway"):
        controller.authenticate("password")

You always need to authenticate the controller. Tor will balk if you omit the authenticate() call, even if it isn't using authentication...

    from stem.control import Controller
    c = Controller.from_port()
    c.get_info('version')
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "stem/control.py", line 960, in get_info
        raise exc
    stem.ProtocolError: GETINFO response didn't have an OK status: Authentication required.

You should probably change this to...

    with Controller.from_port(port = p) as controller:
      controller.authenticate()

There also isn't a reason to pass in 'password' unless you're actually using that as your controller password. ;)

    b = bootstrap_status.split( )
    progress = b[2]
    progress_percent = ( progress.split( "=" ) )[1]
    exit_code=int(progress_percent)

Operating by the positional argument is fine, but a little risky since Tor is perfectly allowed to rearrange those. I'd suggest the following instead...

    match = re.match('.* PROGRESS=([0-9]+).*', line)
    if match:
      exit_code = int(match.group(1))

Cheers! -Damian

Hi Damian,

thank you for your e-mail!

That script is stable, no bug reports in a while, stem is working fine. :)

That authentication line and "password" is only in there to make stem happy. help_check_tor_bootstrap.py/stem isn't "really" using Tor's control port. It connects to Control Port Filter Proxy (CPFP) [1], which does the real authentication. CPFP - a whitelisting proxy - accepts any password, authenticates to Tor using cookie and filters out potentially dangerous (for anonymity) commands (such as getinfo address).

Cheers,
Patrick

[1] https://www.whonix.org/wiki/Dev/CPFP

> That script is stable, no bug reports in a while, stem is working fine. :)

Great!

> That authentication line and "password" is only in there to make stem happy.

Stem should be perfectly fine without providing a password (that's an optional argument). If your proxy handles the authentication then why have that authenticate() call at all?

I would definitely suggest the progress parsing change, otherwise tor upgrades might accidentally break you. Minor mistake on my part though...

    match = re.match('.* PROGRESS=([0-9]+).*', line)

... should be...

    match = re.match('.* PROGRESS=([0-9]+).*', bootstrap_status)

Cheers! -Damian

Damian Johnson:
> > That script is stable, no bug reports in a while, stem is working fine. :)
>
> Great!
>
> > That authentication line and "password" is only in there to make stem happy.
>
> Stem should be perfectly fine without providing a password (that's an optional argument). If your proxy handles the authentication then why have that authenticate() call at all?
>
> I would definitely suggest the progress parsing change, otherwise tor upgrades might accidentally break you. Minor mistake on my part though...
>
>     match = re.match('.* PROGRESS=([0-9]+).*', line)
>
> ... should be...
>
>     match = re.match('.* PROGRESS=([0-9]+).*', bootstrap_status)
>
> Cheers! -Damian

Your suggestions have been implemented:
https://github.com/Whonix/Whonix/commit/af46b55166fddac959c00d55557c1dd2a240...

Thank you again, Damian! Much appreciated!

Cheers,
Patrick
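
The bootstrap-status parsing discussed in this thread, as an added example that is not part of the original e-mails or of the Whonix script: it runs the positional split, the regex from the thread, and a field-by-field parse over status lines constructed in the shape of Tor's status/bootstrap-phase reply. The sample lines and the names FIELD, parse_fields and bootstrap_percent are assumptions made for illustration; the last sample is built to show what a greedy match does when a quoted value happens to contain the keyword.

```python
import re

# Constructed sample replies in the shape of "GETINFO status/bootstrap-phase".
NORMAL = 'NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"'
REORDERED = ('NOTICE BOOTSTRAP TAG=conn_dir '
             'SUMMARY="Connecting to directory server" PROGRESS=5')
QUOTED = 'WARN BOOTSTRAP PROGRESS=45 TAG=x SUMMARY="stalled before PROGRESS=100"'

# KEY=value or KEY="quoted value"; a quoted value is consumed as one unit,
# so keywords that appear inside it are never seen as fields.
FIELD = re.compile(r'([A-Z_]+)=("(?:[^"\\]|\\.)*"|\S*)')


def progress_positional(status):
    """Positional approach from the thread: PROGRESS must be the third word."""
    return int(status.split()[2].split("=")[1])


def progress_regex(status):
    """Regex from the thread; returns None when nothing matches."""
    match = re.match('.* PROGRESS=([0-9]+).*', status)
    return int(match.group(1)) if match else None


def parse_fields(status):
    """Return all keyword fields as a dict, independent of their order."""
    fields = {}
    for key, value in FIELD.findall(status):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = re.sub(r'\\(.)', r'\1', value[1:-1])  # unquote, unescape
        fields.setdefault(key, value)  # first occurrence of a key wins
    return fields


def bootstrap_percent(status):
    """Validated progress in 0..100, so it is safe to use as an exit code."""
    progress = parse_fields(status).get("PROGRESS", "")
    if not re.fullmatch(r'[0-9]{1,3}', progress) or int(progress) > 100:
        raise ValueError("no usable PROGRESS field in %r" % status)
    return int(progress)


if __name__ == "__main__":
    for line in (NORMAL, REORDERED, QUOTED):
        print(progress_regex(line), bootstrap_percent(line))
```
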
participants (2)
- Damian Johnson
- Patrick Schleizer