Patrick Schleizer:
> anonym:
>> [...]
>> Yesterday's patch was trash. See the new commit(s) I've just pushed to
>> the branch.
>
> That seems to work! :)
Woo!
> When the filter is terminated, onionshare apparently does not notice
> that. Would be better if onionshare would notice that. Is that a bug?
It seems like a "bug" in onionshare, or even the control port language
protocol itself since it (AFAICT) doesn't have a concept of the server
quitting mid-session. No signal is sent, and I haven't even found an
event one can explicitly subscribe to to learn when it shuts down. In
fact, any stem-application will, for instance, notice that Tor closed
its control port on the next send() or recv() on the socket, and then
throw a stem.SocketClosed.
> About the packaging. If you like the genmkfile way to package things, I
> could also do the packaging. Only disadvantage would be an extra
> dependency on genmkfile.
>
> https://github.com/Whonix/control-port-filter-python
> https://github.com/Whonix/genmkfile
>
> That would be trivial on my side since Tails control filter seems very
> similar to control-port-filter-python. (control-port-filter-python
> packaged with genmkfile is a lintian --pedantic warning free and to my
> knowledge, fully complaint Debian source and binary package.) Otherwise,
> I'd just wait for you.
Sure! I bet you'll beat me to it, so I don't want to be the blocker, but
perhaps I'll take over the packaging in the future, depending on how
things go (would this make sense to include in Debian?). However, first
we need, in order:
1. A name that doesn't including 'tor'. What about 'grater' or
'onion-grater'? My inspiration is something like [0]. :) Otherwise
there's 'onion-filter' I guess.
2. A dedicated Git repo (trivial once we have a name).
[0]
http://howto.gd/pic/69/01/03.jpg
> I added 'Flags=DiscardPK', which works and I thought that is useful at
> least in case of Whonix. The workstation does not need to learn the
> hidden service key since onionshare does not use it anyhow. Not sure
> this (and the following) makes also sense in Tails?
>
> Some lines in Tor's response contain the following:
> (azazazazazazaz10 is the HS)
>
> 650 HS_DESC CREATED azazazazazazaz10 UNKNOWN UNKNOWN gliberrish REPLICA=0
> 650 HS_DESC CREATED azazazazazazaz10 UNKNOWN UNKNOWN gliberrish REPLICA=1
> 650 HS_DESC UPLOAD azazazazazazaz10 UNKNOWN gliberrish gliberrish
> 650 HS_DESC UPLOADED azazazazazazaz10 UNKNOWN gliberrish
>
> Could you please show how to rewrite them to:
>
> 650 HS_DESC CREATED azazazazazazaz10 UNKNOWN UNKNOWN dedacted REPLICA=0
> 650 HS_DESC CREATED azazazazazazaz10 UNKNOWN UNKNOWN dedacted REPLICA=1
> 650 HS_DESC UPLOAD azazazazazazaz10 UNKNOWN dedacted dedacted
> 650 HS_DESC UPLOADED azazazazazazaz10 UNKNOWN dedacted
>
> I am not sure stem would complain about this, but I guess not
onionshare uses stem's `create_ephemeral_hidden_service()` convenience
method with `await_publication=True`, and it tracks the state of the
hidden services publication via HS_DESC events, so you have to be
careful here (e.g. only allowing the UPLOADED won't work, probably).
So, to me it looks like you need the following (untested) config,
although you might want to study the spec to see which events are to be
expected:
HS_DESC:
- pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
- pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
- pattern: '650 HS_DESC UPLOADED (\S+) (\S+) .+'
replacement: '650 HS_DESC UPLOADED {} {} redacted'
- pattern: '.*'
replacement: ''
However, I saw something in the stem code that might indicate it
actually uses the value you want to redact, but I might be mistaken.
> and seems useful to me be to contain that information.
Sure!
Cheers!
%20I've%20just%20pushed%20to%0A>%20>>%20the%20branch.%0A>%20>%20%0A>%20>%20That%20seems%20to%20work!%20:)%0A>%20%0A>%20Woo!%0A>%20%0A>%20>%20When%20the%20filter%20is%20terminated,%20onionshare%20apparently%20does%20not%20notice%0A>%20>%20that.%20Would%20be%20better%20if%20onionshare%20would%20notice%20that.%20Is%20that%20a%20bug?%0A>%20%0A>%20It%20seems%20like%20a%20%22bug%22%20in%20onionshare,%20or%20even%20the%20control%20port%20language%0A>%20protocol%20itself%20since%20it%20(AFAICT)%20doesn't%20have%20a%20concept%20of%20the%20server%0A>%20quitting%20mid-session.%20No%20signal%20is%20sent,%20and%20I%20haven't%20even%20found%20an%0A>%20event%20one%20can%20explicitly%20subscribe%20to%20to%20learn%20when%20it%20shuts%20down.%20In%0A>%20fact,%20any%20stem-application%20will,%20for%20instance,%20notice%20that%20Tor%20closed%0A>%20its%20control%20port%20on%20the%20next%20send()%20or%20recv()%20on%20the%20socket,%20and%20then%0A>%20throw%20a%20stem.SocketClosed.%0A>%20%0A>%20>%20About%20the%20packaging.%20If%20you%20like%20the%20genmkfile%20way%20to%20package%20things,%20I%0A>%20>%20could%20also%20do%20the%20packaging.%20Only%20disadvantage%20would%20be%20an%20extra%0A>%20>%20dependency%20on%20genmkfile.%0A>%20>%20%0A>%20>%20https://github.com/Whonix/control-port-filter-python%0A>%20>%20https://github.com/Whonix/genmkfile%0A>%20>%20%0A>%20>%20That%20would%20be%20trivial%20on%20my%20side%20since%20Tails%20control%20filter%20seems%20very%0A>%20>%20similar%20to%20control-port-filter-python.%20(control-port-filter-python%0A>%20>%20packaged%20with%20genmkfile%20is%20a%20lintian%20--pedantic%20warning%20free%20and%20to%20my%0A>%20>%20knowledge,%20fully%20complaint%20Debian%20source%20and%20binary%20package.)%20Otherwise,%0A>%20>%20I'd%20just%20wait%20for%20you.%0A>%20%0A>%20Sure!%20I%20bet%20you'll%20beat%20me%20to%20it,%20so%20I%20don't%20want%20to%20be%20the%20blocker,%20but%0A>%20perhaps%20I'll%20take%20over%20the%20packaging%20in%20the%20future,%20depending%20on%20how%0A>%20things%20go%20(would%20this%20make%20sense%20to%20include%20in%20Debian?).%20However,%20first%0A>%20we%20need,%20in%20order:%0A>%20%0A>%201.%20A%20name%20that%20doesn't%20including%20'tor'.%20What%20about%20'grater'%20or%0A>%20'onion-grater'?%20My%20inspiration%20is%20something%20like%20%5B0%5D.%20:)%20Otherwise%0A>%20there's%20'onion-filter'%20I%20guess.%0A>%20%0A>%202.%20A%20dedicated%20Git%20repo%20(trivial%20once%20we%20have%20a%20name).%0A>%20%0A>%20%5B0%5D%20http://howto.gd/pic/69/01/03.jpg%0A>%20%0A>%20>%20I%20added%20'Flags=DiscardPK',%20which%20works%20and%20I%20thought%20that%20is%20useful%20at%0A>%20>%20least%20in%20case%20of%20Whonix.%20The%20workstation%20does%20not%20need%20to%20learn%20the%0A>%20>%20hidden%20service%20key%20since%20onionshare%20does%20not%20use%20it%20anyhow.%20Not%20sure%0A>%20>%20this%20(and%20the%20following)%20makes%20also%20sense%20in%20Tails?%0A>%20>%20%0A>%20>%20Some%20lines%20in%20Tor's%20response%20contain%20the%20following:%0A>%20>%20(azazazazazazaz10%20is%20the%20HS)%0A>%20>%20%0A>%20>%20650%20HS_DESC%20CREATED%20azazazazazazaz10%20UNKNOWN%20UNKNOWN%20gliberrish%20REPLICA=0%0A>%20>%20650%20HS_DESC%20CREATED%20azazazazazazaz10%20UNKNOWN%20UNKNOWN%20gliberrish%20REPLICA=1%0A>%20>%20650%20HS_DESC%20UPLOAD%20azazazazazazaz10%20UNKNOWN%20gliberrish%20gliberrish%0A>%20>%20650%20HS_DESC%20UPLOADED%20azazazazazazaz10%20UNKNOWN%20gliberrish%0A>%20>%20%0A>%20>%20Could%20you%20please%20show%20how%20to%20rewrite%20them%20to:%0A>%20>%20%0A>%20>%20650%20HS_DESC%20CREATED%20azazazazazazaz10%20UNKNOWN%20UNKNOWN%20dedacted%20REPLICA=0%0A>%20>%20650%20HS_DESC%20CREATED%20azazazazazazaz10%20UNKNOWN%20UNKNOWN%20dedacted%20REPLICA=1%0A>%20>%20650%20HS_DESC%20UPLOAD%20azazazazazazaz10%20UNKNOWN%20dedacted%20dedacted%0A>%20>%20650%20HS_DESC%20UPLOADED%20azazazazazazaz10%20UNKNOWN%20dedacted%0A>%20>%0A>%20>%20I%20am%20not%20sure%20stem%20would%20complain%20about%20this,%20but%20I%20guess%20not%0A>%20%0A>%20onionshare%20uses%20stem's%20%60create_ephemeral_hidden_service()%60%20convenience%0A>%20method%20with%20%60await_publication=True%60,%20and%20it%20tracks%20the%20state%20of%20the%0A>%20hidden%20services%20publication%20via%20HS_DESC%20events,%20so%20you%20have%20to%20be%0A>%20careful%20here%20(e.g.%20only%20allowing%20the%20UPLOADED%20won't%20work,%20probably).%0A>%20%0A>%20So,%20to%20me%20it%20looks%20like%20you%20need%20the%20following%20(untested)%20config,%0A>%20although%20you%20might%20want%20to%20study%20the%20spec%20to%20see%20which%20events%20are%20to%20be%0A>%20expected:%0A>%20%0A>%20%0A>%20However,%20I%20saw%20something%20in%20the%20stem%20code%20that%20might%20indicate%20it%0A>%20actually%20uses%20the%20value%20you%20want%20to%20redact,%20but%20I%20might%20be%20mistaken.%0A>%20%0A>%20>%20and%20seems%20useful%20to%20me%20be%20to%20contain%20that%20information.%0A>%20%0A>%20Sure!%0A>%20%0A>%20Cheers!%0A>%20%0A>%20%0A>%20 "Reply to this message")
