[tor-commits] [torbirdy/master] Allow specifying that Enigmail keyserver communication is torified already.

sukhbir at torproject.org sukhbir at torproject.org
Sun Mar 26 08:50:07 UTC 2017


commit 09acfd09c465ba9cb50b6a4d03f155f02a081391
Author: intrigeri <intrigeri at boum.org>
Date:   Tue Jan 31 16:04:33 2017 +0000

    Allow specifying that Enigmail keyserver communication is torified already.
    
    This can be done by setting extensions.torbirdy.enigmail.already_torified
    to true.
    
    It is needed e.g. when using GnuPG 2.1+, in which case these keyserver options
    break dirmngr:
    
      no-try-dns-srv,http-proxy=socks5h://127.0.0.1:9150
    
    ... as reported e.g. on https://trac.torproject.org/projects/tor/ticket/19971
    and https://labs.riseup.net/code/issues/11948.
    
    The correct way to torify keyserver communication with Modern GnuPG is to set
    "use-tor" in ~/.gnupg/dirmngr.conf. Let's not break things for users who have
    configured this properly, e.g. Tails.
    
    Note that the Enigmail master branch has code to use Tor for keyserver
    operations. My understanding of the code is that it supports GnuPG 2 nicely, and
    detects whether dirmngr is already configured to use Tor. Once that's released
    and ready for production use, the parts of the Torbirdy code that are about
    torifying Enigmail communication with keyservers can go away:
    
      https://sourceforge.net/p/enigmail/source/ci/74e19771ec18cd5e7b542c32a9b34d47697f50ed/
    
    ... which is why I didn't bother investing time into a nicer solution on
    Torbirdy's side.
---
 chrome/content/overlay.js     |  1 +
 chrome/content/preferences.js | 13 ++++++++-----
 components/torbirdy.js        |  2 +-
 defaults/preferences/prefs.js |  1 +
 4 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/chrome/content/overlay.js b/chrome/content/overlay.js
index 1f72c9d..f0c0304 100644
--- a/chrome/content/overlay.js
+++ b/chrome/content/overlay.js
@@ -40,6 +40,7 @@
         // Tor.
         if (type === 0) {
           myPanel.label = strbundle.getString("torbirdy.enabled.tor");
+          org.torbirdy.prefs.setProxyTor();
         }
         // JonDo/Whonix.
         if (type === 1) {
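Review bot: The added `org.torbirdy.prefs.setProxyTor()` call runs only in the Tor branch (`type === 0`), so the JonDo/Whonix branch below gets no equivalent refresh of `extensions.enigmail.agentAdditionalParam`; whether that branch needs one cannot be seen from this hunk. Judging by the lines of `setProxyTor` visible in chrome/content/preferences.js, the call also rewrites the panel, the proxy pref and the Enigmail parameters each time this code runs, which would presumably overwrite a manually edited `agentAdditionalParam`. A comment would make the intent clear, e.g. `// Re-apply Tor settings so the Enigmail gpg options reflect gpg_already_torified.` The enclosing function starts and ends outside the hunk.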
diff --git a/chrome/content/preferences.js b/chrome/content/preferences.js
index eb4c9b8..ebfc13a 100644
--- a/chrome/content/preferences.js
+++ b/chrome/content/preferences.js
@@ -41,17 +41,19 @@ if (!org.torbirdy.prefs) org.torbirdy.prefs = new function() {
     if (pub.prefs.getBoolPref("extensions.torbirdy.enigmail.throwkeyid")) {
       opts += "--throw-keyids ";
     }
-    var proxy = "socks5h://127.0.0.1:9150";
-    if (anonService === "jondo") {
-      proxy = "http://127.0.0.1:4001";
+    if (! pub.prefs.getBoolPref("extensions.torbirdy.gpg_already_torified")) {
+      var proxy = "socks5h://127.0.0.1:9150";
+      if (anonService === "jondo") {
+        proxy = "http://127.0.0.1:4001";
+      }
+      opts += "--keyserver-options=no-try-dns-srv,http-proxy=" + proxy + " ";
     }
 
     return opts +
            "--no-emit-version " +
            "--no-comments " +
            "--display-charset utf-8 " +
-           "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=" +
-           proxy;
+           "--keyserver-options no-auto-key-retrieve";
   };
 
   pub.updateKeyserver = function(anonService) {
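Review bot: The new guard reads `extensions.torbirdy.gpg_already_torified`, but the commit message tells users to set `extensions.torbirdy.enigmail.already_torified`; the default added in defaults/preferences/prefs.js matches the code, so the name in the message has no effect and one of the two should be corrected. When the pref is true, the `http-proxy` option is dropped without any check that dirmngr really has `use-tor` set, so a wrong setting would presumably let keyserver requests leave without going through the proxy. A comment above the `if` should state that precondition, e.g. `// Only enable when dirmngr.conf sets use-tor; otherwise TorBirdy no longer proxies keyserver traffic.` The function containing this code begins outside the hunk.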
@@ -201,6 +203,7 @@ if (!org.torbirdy.prefs) org.torbirdy.prefs = new function() {
 
     pub.setPanelSettings(pub.strBundle.GetStringFromName("torbirdy.enabled.tor"), "green");
     pub.prefs.setIntPref(pub.prefBranch + 'proxy', 0);
+    pub.setPreferences("extensions.enigmail.agentAdditionalParam", pub.setEnigmailPrefs("tor"));
   };
 
   pub.setProxyJonDo = function() {
diff --git a/components/torbirdy.js b/components/torbirdy.js
index ebdef02..64ab390 100644
--- a/components/torbirdy.js
+++ b/components/torbirdy.js
@@ -272,7 +272,7 @@ var TorBirdyPrefs = {
                                               // We want to force UTF-8 everywhere
                                               "--display-charset utf-8 " +
                                               // We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell
-                                              "--keyserver-options http-proxy=socks5h://127.0.0.1:9150 ",
+                                              "--keyserver-options http-proxy=socks5h://127.0.0.1:9050 ",
                                             
   // The default key server should be a hidden service; use the Tor OnionBalance hidden service pool (https://sks-keyservers.net/overview-of-pools.php#pool_tor)
   "extensions.enigmail.keyserver": "hkp://jirk5u4osbsr34t5.onion",
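Review bot: The default `http-proxy` port changes from 9150 to 9050 here, while `setEnigmailPrefs` in chrome/content/preferences.js still builds `socks5h://127.0.0.1:9150`, and the commit message does not mention the change. If it is intentional, the existing comment should say which Tor instance this default targets; otherwise the two values should agree. This default also still passes `http-proxy` unconditionally, so it does not honour `extensions.torbirdy.gpg_already_torified` until the value is rewritten by `setProxyTor` (inferred from the other hunks). The `TorBirdyPrefs` object begins and continues outside the hunk.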
diff --git a/defaults/preferences/prefs.js b/defaults/preferences/prefs.js
index 8b43562..ea316d3 100644
--- a/defaults/preferences/prefs.js
+++ b/defaults/preferences/prefs.js
@@ -5,6 +5,7 @@ pref("extensions.torbirdy.warn", true);
 pref("extensions.torbirdy.startup_folder", false);
 pref("extensions.torbirdy.enigmail.throwkeyid", false);
 pref("extensions.torbirdy.enigmail.confirmemail", false);
+pref("extensions.torbirdy.gpg_already_torified", false);
 pref("extensions.torbirdy.timezone", true);
 pref("extensions.torbirdy.whonix_run", true);
 pref("extensions.torbirdy.info_run", false);




