Re: [Tails-dev] Proposal: Add support for curl (does ALL_PRO…

このメッセージを削除

このメッセージに返信
著者: David A. Wheeler
日付:  
To: The Tails public development discussion list
題目: Re: [Tails-dev] Proposal: Add support for curl (does ALL_PROXY fix it?)


> On Feb 5, 2023, at 4:05 PM, segfault <segfault@???> wrote:
>
> Hi,
>
> David A. Wheeler:
>>> On Feb 4, 2023, at 2:18 PM, David A. Wheeler <dwheeler@???> wrote:
>>>
>>> Currently Tails includes and supports wget. I propose *also* adding support for curl.
>> Replying to myself, I think there's a slightly better way to automatically support curl.
>> I previously proposed setting the "ALL_PROXY" environment variable, but the best
>> setting for curl using ALL_PROXY uses prefixes that might confuse other tools
>> that might *also* read from ALL_PROXY.
>> So instead I propose this, to make Tails automatically support curl, while not
>> interfering with any other program.



>
> You can also make Tails install curl automatically via the Additional Software feature.


That *installs* curl automatically, but it doesn't *work* without special effort.
Instead, curl just fails. That's true if you call it directly, *or* if it's called
indirectly (by the many additional programs that use curl to download something).

Currently you have to take additional steps instead of simply using it as usual, and
that's what I would like to fix. If you have to type in anything extra, that's a problem.
After all, you don't have to type in anything special for wget.


> You might want to try `torsocks --isolate curl` (I didn't test it but that's often enough to make any program use Tor).


Currently torsocks is never mentioned in the Tails user documentation,
so a typical Tails user has a good chance of not knowing about it. (yes, torsocks *is*
mentioned in the design docs, but that doesn't count as *user* documentation :-) ).
So: No matter what, documenting that "additional programs"
might need to use torsocks (and how to use it) would be a good idea.

However, in the case of *curl*, using torsocks has drawbacks.
The torsocks program uses the LD_PRELOAD trick that is
sometimes unreliable and is *completely*
unnecessary for curl. Curl already knows how to use SOCKS5
natively, has many SOCKS options, and curl listens to the resolver configuration.

The only advantage I can see to using torsocks is its --isolate option.
If the torsocks --isolate option really is valuable, then I think that simply
invoking "curl" should automatically invoke its equivalent,
without the user needing to know about torsocks.
How exactly does torsocks implement --isolate to create isolation? It looks like
it just creates a new SOCKS username/pw each time. Maybe we can
do the same thing without needing to use LD_PRELOAD tricks.

The only way I can see of make curl "just work" with torsocks --isolate
is to use a wrapping technique similar to the one used for wget. But maybe
there's another way, since I don't fully grok the --isolate mechanism.

--- David A. Wheeler