Hi adrelanos, I just noticed that Whonix uses Stem. That's great! Just a few quick thoughts...
https://github.com/Whonix/Whonix/blob/master/whonix_shared/usr/lib/whonixche...
with Controller.from_port(port = p) as controller:
if os.path.exists("/usr/share/whonix/whonix_gateway"): controller.authenticate("password")
You always need to authenticate the controller. Tor will balk if you omit the authenticate() call, even if it isn't using authentication...
from stem.control import Controller c = Controller.from_port() c.get_info('version')
Traceback (most recent call last): File "<stdin>", line 1, in <module> File "stem/control.py", line 960, in get_info raise exc stem.ProtocolError: GETINFO response didn't have an OK status: Authentication required.
You should probably change this to...
with Controller.from_port(port = p) as controller: controller.authenticate()
There also isn't a reason to pass in 'password' unless you're actually using that as your controller password. ;)
b = bootstrap_status.split( ) progress = b[2] progress_percent = ( progress.split( "=" ) )[1] exit_code=int(progress_percent)
Operating by the positional argument is fine, but a little risky since Tor is perfectly allowed to rearrange those. I'd suggest the following instead...
match = re.match('.* PROGRESS=([0-9]+).*', line)
if match: exit_code = int(match.group(1))
Cheers! -Damian
Hi Damian,
thank you for your e-mail!
That script is stable, no bug reports in a while, stem is working fine. :)
That authentication line and "password" is only in there to make stem happy. help_check_tor_bootstrap.py/stem isn't "really" using Tor's control port. It connects to Control Port Filter Proxy (CPFP) [1], which does the real authentication. CPFP - a whitelisting proxy - accepts any password, authenticates to Tor using cookie and filters out potentially dangerous (for anonymity) commands (such as getinfo address).
Cheers, Patrick
That script is stable, no bug reports in a while, stem is working fine. :)
Great!
That authentication line and "password" is only in there to make stem happy.
Stem should be perfectly fine without providing a password (that's an optional argument). If your proxy handles the authentication then why have that authenticate() call at all?
I would definitely suggest the progress parsing change, otherwise tor upgrades might accidentally break you. Minor mistake on my part though...
match = re.match('.* PROGRESS=([0-9]+).*', line)
... should be...
match = re.match('.* PROGRESS=([0-9]+).*', bootstrap_status)
Cheers! -Damian
Damian Johnson:
That script is stable, no bug reports in a while, stem is working fine. :)
Great!
That authentication line and "password" is only in there to make stem happy.
Stem should be perfectly fine without providing a password (that's an optional argument). If your proxy handles the authentication then why have that authenticate() call at all?
I would definitely suggest the progress parsing change, otherwise tor upgrades might accidentally break you. Minor mistake on my part though...
match = re.match('.* PROGRESS=([0-9]+).*', line)
... should be...
match = re.match('.* PROGRESS=([0-9]+).*', bootstrap_status)
Cheers! -Damian
Your suggestions have been implemented: https://github.com/Whonix/Whonix/commit/af46b55166fddac959c00d55557c1dd2a240...
Thank you again, Damian! Much appreciated!
Cheers, Patrick
-
Damian Johnson -
Patrick Schleizer