- Includes SocksPort and "Download software packages over Tor" feature,
as well as setting upstream bridges.
- "Download software packages over Tor" option is enabled by default.
- When upgrading, if Tor app was enabled and "Download software
packages over Tor" was enabled, then Tor Proxy will be installed.
- The default tor instance is now called tor@default. The "tor" service
is a multi-instance master that has a Wants relation to all instances.
Tests:
- Tests for Tor and Tor Proxy passed.
- Enable Tor, and run the tests for Tor Proxy. Afterwards, Tor is still
enabled and running.
- Enable Tor Proxy, and run the tests for Tor. Afterwards, Tor Proxy is
still enabled and running.
- Test setting upstream bridges for Tor and Tor Proxy.
- Install FreedomBox 23.11 in a VM and install Tor with default
settings. Install new FreedomBox version with Tor Proxy. After
install, both Tor and Tor Proxy apps are installed and running.
/etc/tor/instances/{plinth,fbxproxy}/torrc both have expected content.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
- Use AppView for app page.
- Handle post enable/disable activities within the App class.
- Use Operation class to perform configuration instead of custom mechanism. Drop
all the older code for it.
Tests:
- DONE: Run functional tests
- DONE: Enabling Tor
- DONE: Enables the service
- DONE: Updates the firewall ports
- DONE: Adds hidden service domain to names app
- DONE: Shows app enabled
- DONE: Firewall ports are opened
- DONE: Disabling Tor
- DONE: Disables apt transport over Tor
- DONE: Firewall ports are closed
- DONE: Shows app disabled
- DONE: Onion domain is removed from names app
- DONE: App page
- DONE: Running/not-running status is shown properly based on whether tor
daemon is running.
- DONE: Port forwarding information is shown properly.
- DONE: When hidden service is enabled, status of hidden services is shown
- DONE: Configuration update
- DONE: Form shows correct status of the option
- DONE: When configuration is being updated, operation progress is shown
- DONE: Page refreshes once in 3 seconds during operation. Refresh stops after
operation.
- Once the operation is complete, success or error message is shown
- DONE: Javascript to show/hide upstream bridges text box works
- DONE: Javascript to enable/disable relay checkboxes works
- DONE: Operation does not show notification.
- DONE: Enabling apt over Tor does not work when app is disabled
- DONE: When configuration is changed, the message 'Settings unchanged' is not
shown.
- DONE: If an error is thrown during configuration, an error message is shown
properly.
- DONE: Tor is restarted after configuration update and hidden service domains
are updated.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- ugettext functions will be removed in Django 4.0. Each use emits a warning
when running with Django 3.2. Since we have warnings enabled in developer mode,
we see quite a few messages because of this.
- ugettext is already a simple alias of gettext. So, no regressions are
expected.
Tests:
- Accessing an affected app in UI with Django 3.2 and Django 2.2 works fine.
- Using Django 3.2 there are no warnings related to removal of ugettext
functions.
- Ran regular unit tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Convert line terminators in the form field so that it matches the
current status information resulting in proper detection of change in
value.
- Allow IPv6 addresses properly. Allow "[ipv6]:port" format.
- Make specifying port optional.
- Allow spaces at the beginning and ending of the line to compensate for
copy/paste errors.
- Allow empty lines between bridge specifications.
- Allow multiple spaces between the components.
- Raise error if upstream bridges are not provided when 'use upstream
bridges' option is enabled.
- Write tests for upstream bridges validator.
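
The input rules listed above for upstream bridge lines can be exercised with a small validator. This is an added example, not FreedomBox's own code: the names parse_address, parse_bridges and SAMPLE, and the assumption that a transport name looks like a C identifier, are illustrative, and the sample bridge lines are constructed.

```python
import ipaddress
import re

# Assumption: a pluggable-transport name looks like a C identifier (e.g. obfs4).
TRANSPORT = re.compile(r'[A-Za-z_][A-Za-z0-9_]*')

def parse_address(token):
    """Split 'ipv4', 'ipv4:port', '[ipv6]' or '[ipv6]:port' into (ip, port)."""
    if token.startswith('['):
        host, closed, rest = token[1:].partition(']')
        if not closed or (rest and not rest.startswith(':')):
            raise ValueError('malformed bracketed IPv6 address')
        ip = ipaddress.IPv6Address(host)
        port = rest[1:] if rest else None
    else:
        host, colon, port = token.partition(':')
        ip = ipaddress.IPv4Address(host)
        port = port if colon else None
    if port is None:
        return str(ip), None  # the port is optional
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        raise ValueError('port must be a number between 1 and 65535')
    return str(ip), int(port)

def parse_bridges(text, required=True):
    """Return (transport, ip, port, remaining fields) for each bridge line."""
    bridges = []
    # splitlines() accepts \r\n from a browser form as well as \n.
    for number, line in enumerate(text.splitlines(), 1):
        tokens = line.split()  # tolerates padding and repeated spaces
        if not tokens:
            continue  # empty lines between bridges are allowed
        transport = tokens.pop(0) if TRANSPORT.fullmatch(tokens[0]) else None
        if not tokens:
            raise ValueError(f'line {number}: missing bridge address')
        try:
            ip, port = parse_address(tokens[0])
        except ValueError as error:
            raise ValueError(f'line {number}: {error}') from error
        bridges.append((transport, ip, port, tokens[1:]))
    if required and not bridges:
        raise ValueError('no upstream bridges provided')
    return bridges

# Constructed sample: documentation addresses and a placeholder fingerprint.
SAMPLE = ('  obfs4   192.0.2.10:443  ' + 'A' * 40 + ' cert=EXAMPLE iat-mode=0 \r\n'
          '\r\n'
          '[2001:db8::1]:9001\r\n'
          '192.0.2.20\n')
```
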
- Mention that this option is for preventing censorship.
- Simplify description of upstream bridges.
- Give hyperlink to bridges.torproject.org.
- Make it slightly more clear that users can copy paste information from
bridges page.
- Update list of supported transports.
- Allow users to run regular relays. In addition to that, users will be
able to turn them into bridge relays. Like before, by default,
relaying is enabled and the relay type is bridge relay.
- Show obfs3/4 transport ports as needing firewall port forwarding only
if bridge relay is enabled.
- Remove pluggable transports configuration from configuration when
bridge relay is disabled.
- Improve description message for relays and bridge relays.
- When Tor hidden service is enabled along with regular web server, it is
possible to de-anonymize the server.
- When Tor hidden service is enabled along with Tor relay, the hidden
service can be de-anonymized by sending large traffic and observing
traffic patterns published by Tor relay. See:
https://trac.torproject.org/projects/tor/ticket/8742
Warn users not to rely on Tor hidden service functionality for strong
anonymity. We can remove this warning when we implement a mechanism to
disable most other services when Tor hidden service is enabled.