GithubHelp home page GithubHelp logo

kicksecure / tb-updater Goto Github PK

View Code? Open in Web Editor NEW
15.0 7.0 18.0 4.59 MB

Tor Browser Downloader - Automates download and verification of Tor Browser from The Tor Project's website. This package is produced independently of, and carries no guarantee from, The Tor Project.

Home Page: https://www.kicksecure.com/wiki/Impressum

License: Other

Shell 93.24% Roff 6.76%
tor-browser-downloader tbbd open-link-confirmation debian

tb-updater's Introduction

Tor Browser Downloader by Whonix developers

Automates download and verification of Tor Browser from The Tor Project's website. Useful for initial installation of Tor Browser, clean re-installations of Tor Browser and keeping newly created Qubes AppVMs inherited from updated Qubes TemplateVMs can ship up to date versions of Tor Browsers.

Incapable of preserving of updating and preserving user data. Use Tor Browser's internal updater for that purpose. Notifies about already exiting installations of Tor Browser. Renamed rather than deletes old versions of Tor Browsers to avoid user data loss.

Has a cli and a gui mode. Can auto detect latest version numbers or use user configured version numbers. Comes with a download confirmation screen that lets users choose which version to download. [1] Has a installation confirmation screen [2] that enables users to detect indefinite freeze and rollback attacks.

Integrates well with tb-starter, tb-default-browser and open-link-confirmation package as well as with Qubes.

Without the helper-scripts package installed, the GUI will not move the progress bar.

If you have the helper-scripts package installed, it will show a nicer progress bar when run in terminal and more meaningful curl exit code messages, when curl failed.

When having the helper-scripts package installed (recommended for Anonymity Distributions), Tor Browser Downloader will check, that Tor is enabled, that no package manager is currently running and that Tor finished bootstrapping before download attempts.

Supports being run inside chroot and from Debian maintainer postinst script.

Qubes integration:

  • Up-to-date browser versions made available to freshly created AppVMs and DispVMs.
  • In DispVM mounts browser folder which resides in root image to user home folder rather than copying for faster browser startup.

This package is produced independently of, and carries no guarantee from, The Tor Project.

[1] https://www.whonix.org/wiki/Tor_Browser#Download_Confirmation_Screen [2] https://www.whonix.org/wiki/Tor_Browser#Installation_Confirmation_Screen

How to install tb-updater using apt-get

1. Download the APT Signing Key.

wget https://www.kicksecure.com/keys/derivative.asc

Users can check the Signing Key for better security.

2. Add the APT Signing Key.

sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc

3. Add the derivative repository.

echo "deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.kicksecure.com bookworm main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list

4. Update your package lists.

sudo apt-get update

5. Install tb-updater.

sudo apt-get install tb-updater

How to Build deb Package from Source Code

Can be build using standard Debian package build tools such as:

dpkg-buildpackage -b

See instructions.

NOTE: Replace generic-package with the actual name of this package tb-updater.

Contact

Donate

tb-updater requires donations to stay alive!

tb-updater's People

Contributors

0brand avatar adrelanos avatar andrea-varesio avatar eyedeekay avatar frankgusto avatar gavinpacini avatar irykoon avatar jasonjayalap avatar marmarek avatar pgerber avatar troubadoour avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar

Forkers

adrelanos troubadoour marmarek eyedeekay pgerber 0brand disrupttheflow frankgusto cyb3r0 irykoon andrea-varesio bhuid0 devdevdany fyqwbdzsfjh gavinpacini

tb-updater's Issues

Mullvad Browser support

Hello!

I tried using this script to download and install Mullvad Browser and at a glance it appears to work with fairly minimal changes (same signers, same structure, possibly the same release process as well). Separate changes will of course need to be made to tb-starter as well.

I could be interested in working on a pull request, if that's something there's interest in, though some assistance will likely be necessary.

Here are some relevant links

Backup existing tor browser directory

I noticed in the man page for update-torbrowser the following passage is in the description

In case there is already a ~/.tb/tor-browser folder, it renames it to
~/.tb/tor-browser_(current date and time). It extracts freshly down‐
loaded TBB too to ~/.tb/tor-browser.

Unfortunately, this is not equated into reality, the update-torbrowser script merely trashes the existing installation of Tor Browser with no option of a backup.

Would such an option to backup as described be welcomed?

I myself treat Tor Browser installations as disposable, was just investigating possible contributions to the Whonix.

Frank

tb-updater failing connectivity check UTM

Problem Description

I am trying to install the torbrowser using tb-updater on Macbook air M2 using UTM (whonix 17.0.3.0). It seems that I have a problem with the proxy: tb-updater is failing the connectivity check. I have tried to log the curl command that fails with verbose just above the log from update-torbrowser. system check is also showing everything ok. Any ideas?

update-torbrowser log

[workstation user ~]% update-torbrowser              
INFO: chroot: is_chroot=true is not set, ok.
INFO: Auto detecting ARCH...
INFO: ARCH 'aarch64' detected.
INFO: Auto detecting ARCH_DOWNLOAD...
INFO: ARCH_DOWNLOAD 'linux-arm64' detected.
INFO: CURL_PROXY: --proxy socks5h://tb-updater_20cf3486-cab0-4a18-b276-d802970a7cb8:[email protected]:9115
INFO: Not running inside Qubes Disposable Template, ok.
INFO: Using stable version. For alpha version, see: https://www.whonix.org/wiki/Tor_Browser#Alpha
INFO: Running Tor enabled check... Done.
INFO: Running Tor bootstrap check... Done.
INFO: Running connectivity check...  Downloading...: https://sourceforge.net
INFO: CURL_OUT_FILE: /home/user/.cache/tb/temp/tbb_remote_folder

ERROR: https://sourceforge.net could not be reached.

Possible reasons:
- https://sourceforge.net/projects/tor-browser-ports/files is down
- download location changed

Please check: Start menu -> System -> systemcheck
              or in Terminal: systemcheck
              or in Terminal with debugging: systemcheck -v

If systemcheck reports no problems with internet activity and downloading Tor Browser keeps failing, please report a bug!

(Debugging information: curl_status_message: [22] - [HTTP page not retrieved. The requested url was not found or returned another error with the HTTP error code being 400 or above. This return code only appears if -f, --fail is used.])
zsh: exit 7     update-torbrowser

curl failing log

[workstation user ~]% /usr/libexec/helper-scripts/curl-prgrs       --fail       --proxy socks5h://tb-updater_7764e230-e96c-45d7-b61e-df0189cb97a0:[email protected]:9115       --tlsv1.2 --proto =https       --retry-connrefused       --retry 3       --retry-delay 3       --max-time "180"              --location              --output "/home/user/.cache/tb/temp/tbb_remote_folder"       "https://sourceforge.net"       -v
*   Trying 10.152.152.10:9115...
* Immediate connect fail for 10.152.152.10: Connection refused
* Failed to connect to 10.152.152.10 port 9115 after 0 ms: Couldn't connect to server
* Closing connection 0
* Hostname 10.152.152.10 was found in DNS cache
*   Trying 10.152.152.10:9115...
* Immediate connect fail for 10.152.152.10: Connection refused
* Failed to connect to 10.152.152.10 port 9115 after 0 ms: Couldn't connect to server
* Closing connection 1
* Hostname 10.152.152.10 was found in DNS cache
*   Trying 10.152.152.10:9115...
* Immediate connect fail for 10.152.152.10: Connection refused
* Failed to connect to 10.152.152.10 port 9115 after 0 ms: Couldn't connect to server
* Closing connection 2
* Hostname 10.152.152.10 was found in DNS cache
*   Trying 10.152.152.10:9115...
* Immediate connect fail for 10.152.152.10: Connection refused
* Failed to connect to 10.152.152.10 port 9115 after 0 ms: Couldn't connect to server
* Closing connection 3

zsh: exit 7     /usr/libexec/helper-scripts/curl-prgrs --fail --proxy  --tlsv1.2 --proto    3

output of system check -v

systemcheck -v     
[INFO] [systemcheck]  | Whonix-Workstation | Tue Aug  1 10:08:56 UTC 2023
[INFO] [systemcheck] Check sudo Result: OK
[INFO] [systemcheck] Whonix build version: 17.0.3.0
[INFO] [systemcheck] whonix-workstation-packages-dependencies-cli: 23.7-1
[INFO] [systemcheck] derivative_major_release_version /etc/whonix_version: 17
[INFO] [systemcheck] Whonix Support Status of this Major Version: Ok.
[WARNING] [systemcheck] Hardened Malloc: Disabled.
[INFO] [systemcheck] Spectre Meltdown Test: skipping since spectre_meltdown_check=false, ok.
[INFO] [systemcheck] Package Manager Consistency Check Result: Output of command dpkg --audit was empty, ok.
[INFO] [systemcheck] ERROR: ARG_MAX exceeded!

debug information:
output_func was called with too many arguments.
${FUNCNAME[0]}: output_func
${FUNCNAME[1]}: output_func_cli
${FUNCNAME[2]}: check_journal
${FUNCNAME[3]}: systemcheck_main
${FUNCNAME[5]}: main
${FUNCNAME[6]}: 
$0: /usr/libexec/systemcheck/systemcheck
[INFO] [systemcheck] check network interfaces Result: Ok.
[INFO] [systemcheck] Qubes Settings Test Result: Skipped, because Qubes not detected.
[INFO] [systemcheck] Check Kernel Messages Test Result: Found nothing remarkable, ok.
[INFO] [systemcheck] Whonix firewall systemd unit check Result: Ok.
[INFO] [systemcheck] Check Package Manager Running Result: None running, ok.
[INFO] [systemcheck] Tor Check Result: Not running on Whonix-Gateway, ok.
[INFO] [systemcheck] Tor Config Check Result: Tor config ok.
[INFO] [systemcheck] Tor Running Check Result: Not running on Whonix-Gateway, ok.
[INFO] [systemcheck] Tor SocksPort Reachability Test Result: Reachable. (curl exit code: 22 | curl status message: [22] - [HTTP page not retrieved. The requested url was not found or returned another error with the HTTP error code being 400 or above. This return code only appears if -f, --fail is used.])
[INFO] [systemcheck] Tor Connection Result: Ok.
tor_bootstrap_status: 
Tor Circuit: established
[INFO] [systemcheck] Time Synchronization Result: Ok.
Time synchronization status: success
sdwdate reports: Success.
whonix_firewall status: consecutive run after boot
onion-time-pre-script reports: 
__ ### START: ### /usr/libexec/helper-scripts/onion-time-pre-script
__ Status: Subsequent run after boot.
__ Static Time Sanity Check: Within minimum time 'Mon Jun 12 00:00:00 UTC 2023' and expiration timestamp 'Tue May 17 10:00:00 UTC 2033', ok.
__ Tor circuit: established
__ Tor Consensus Time Sanity Check: Clock within consensus parameters consensus/valid-after 2023-08-01 09:00:00 and consensus/valid-until 2023-08-01 12:00:00.
__ Conclusion: Tor already reports circuit established.
__ ### END: ### Exiting with exit_code '0' indicating 'success'.
[INFO] [systemcheck] Connected to Tor.
[INFO] [systemcheck] Whonix Meta Packages Test Result: Meta package non-qubes-whonix-workstation-xfce installed, ok.
[INFO] [systemcheck] Whonix Meta Packages Test Result: Meta package non-qubes-whonix-workstation-cli installed, ok.
[INFO] [systemcheck] Whonix Unwanted Packages Test Result: None found.
[INFO] [systemcheck] Check Initializer Result: /var/lib/initializer-dist/status-files/first_run_initializer.fail does not exist, ok.
[INFO] [systemcheck] Check Virtualizer Result: Supported Virtualizer qemu (KVM?) detected, continuing.
systemd-detect-virt result: qemu
[INFO] [systemcheck] PVClock Result: /sys/devices/system/clocksource/clocksource0/current_clocksource exist, is arch_sys_counter.
[INFO] [systemcheck] Check Timezone Result: /etc/timezone, Etc/UTC matches Etc/UTC, ok.
[INFO] [systemcheck] Check Timezone Result: /usr/share/zoneinfo/Etc/UTC matches /etc/localtime, ok.
[INFO] [systemcheck] IP Forwarding Result: not running on Whonix-Gatway, skipping, ok.
[INFO] [systemcheck] Whonix is produced independently of, with no guarantee from, The Tor Project. Whonix is a research project. https://www.whonix.org
[INFO] [systemcheck] Check Logs Result: /run/systemcheck/.msgcollector/msgdispatcher-error.log does not exist, ok.
[INFO] [systemcheck] Check Logs Result: /run/systemcheck/.msgcollector/msgdispatcher-error.log does not exist, ok.
[INFO] [systemcheck] Check Logs Result: /var/lib/systemcheck/.msgcollector/msgdispatcher-error.log does not exist, ok.
[INFO] [systemcheck] Check Logs Result: /run/systemcheck/.cache/tb/torbrowser_updater_error.log does not exist, ok.
[INFO] [systemcheck] Check Hostname Result: "hostname --fqdn" output is "host.localdomain", ok.
[INFO] [systemcheck] Check Hostname Result: "hostname" output is "host", ok.
[INFO] [systemcheck] Check Hostname Result: "hostname --ip-address" output is "127.0.0.1", ok.
[INFO] [systemcheck] Check Hostname Result: "hostname --ip-address" output is "localdomain", ok.
[INFO] [systemcheck] Entropy Available Check Result: ok. /proc/sys/kernel/random/entropy_avail: 256
[INFO] [systemcheck] Check nonfree Result: Ok, no nonfree packages found. For more information, see:
https://www.whonix.org/wiki/Avoid_nonfree_software
[INFO] [systemcheck] Whonix APT Repository: Enabled.
When the Whonix team releases BOOKWORM updates,
they will be AUTOMATICALLY installed (when you run apt-get dist-upgrade)
along with updated packages from the Debian team. Please
read https://www.whonix.org/wiki/Trust to understand the risk.
If you want to change this, use:
    sudo whonix_repository
[INFO] [systemcheck] Qubes Update Proxy Test Result: Skipped, because Qubes not detected.
[INFO] [systemcheck] check_tor_socks_or_trans_port SocksPort: Skipped, because not using --leak-tests (--show-ip), ok.
[INFO] [systemcheck] check_tor_socks_or_trans_port TransPort: Skipped, because not using --leak-tests (--show-ip), ok.
[INFO] [systemcheck] check_stream_isolation : Skipped, because not using --leak-tests (--show-ip), ok.
[INFO] [systemcheck] Debian Package Update Check: Checking for software updates via apt-get... ( Documentation: https://www.whonix.org/wiki/Update )
Hit:1 tor+https://deb.debian.org/debian bookworm InRelease                                                                                                             
Hit:2 tor+https://fasttrack.debian.net/debian bookworm-fasttrack InRelease                                                                                             
Hit:3 tor+https://deb.debian.org/debian bookworm-updates InRelease                              
Hit:4 tor+https://deb.debian.org/debian-security bookworm-security InRelease
Hit:5 https://deb.kicksecure.com bookworm InRelease
Hit:6 tor+https://deb.debian.org/debian bookworm-backports InRelease
Reading package lists... Done
[INFO] [systemcheck] sudo apt-get dist-upgrade --simulate output:
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
[INFO] [systemcheck] Debian Package Update Check Result: No updates found via apt-get.
[INFO] [systemcheck] Warrant Canary Check: Skipping on Whonix-Workstation, ok.
[INFO] [systemcheck] Please donate!
   See: https://www.whonix.org/wiki/Donate

"This key has expired!" updating to Tor Browser 13.0a5

When I try to update to Tor Browser 13.0a5 on Whonix 16 on Qubes 4.1, I'm told the key expired:

user@host:~$ sudo update-torbrowser --resume
INFO: chroot: is_chroot=true is not set, ok.
INFO: Auto detecting ARCH...
INFO: ARCH 'x86_64' detected.
INFO: Auto detecting ARCH_DOWNLOAD...
INFO: ARCH_DOWNLOAD 'linux-x86_64' detected.
INFO: CURL_PROXY: --proxy http://127.0.0.1:8082/
INFO: Automatically setting download folder to /var/cache/tb-binary, because running inside Qubes TemplateVM but not run from postinst. This is useful so you get up to date versions of Tor Browser in newly created AppVMs inherited from updated TemplateVMs.
More info: https://www.whonix.org/wiki/Tor_Browser/Advanced_Users#Qubes-specific
INFO: Not running inside Qubes Disposable Template, ok.
INFO: Using alpha version. See:
https://www.whonix.org/wiki/Tor_Browser#Alpha
INFO: Running connectivity check...  Downloading...: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion
INFO: CURL_OUT_FILE: /var/cache/tb-binary/.cache/tb/temp/tbb_remote_folder
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 21329  100 21329    0     0   3683      0  0:00:05  0:00:05 --:--:--  4648
INFO: Connectivity check succeeded.
INFO: Find out latest version... Downloading...: http://ot3ivcdxmalbsbponeeq5222hftpf3pqil24q3s5ejwo5t52l65qusid.onion/torbrowser/update_3/alpha/downloads.json
INFO: CURL_OUT_FILE: /var/cache/tb-binary/.cache/tb/RecommendedTBBVersions
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   681  100   681    0     0    179      0  0:00:03  0:00:03 --:--:--   179
WARNING: Looks like there is an upgrade for Tor Browser.

Please close Tor Browser if you want to (re-)install!

If your currently installed version is:
   - higher: you are likely target of a downgrade attack, SAY NO NOW.
   - equal : only proceed, if you want to create a new browser profile.
   - lower : you should upgrade.

If you would like to keep your browser profile and update rather than re-downloading Tor Browser, you must use Tor Browser's internal updater. In that case, say no now.

This program (Tor Browser Downloader (by Whonix developers)) is incapable of keeping user data.

YOUR BROWSER WILL BE KILLED.
YOUR OLD BROWSER PROFILE INCLUDING BOOKMARKS AND PASSWORDS WILL GET DELETED.
Learn more about this Download Confirmation Notification.
https://www.whonix.org/wiki/Tor_Browser/Download_Confirmation_Notification
INFO: Previously downloaded version: 13.0a4
INFO: Currently installed version: 13.0a4
INFO: Online detected version: 13.0a5
QUESTION: Download now?
y/n?
y
INFO: Requested Tor Browser version only support an ALL locale, fetching it.
INFO: Because you are not using --nokilltb, now killing potentially still running instances of Tor Browser...
firefox.real: no process found
INFO: Digital signature (GPG) download... Will take a moment...
INFO: Downloading...: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/dist/torbrowser/13.0a5/tor-browser-linux-x86_64-13.0a5.tar.xz.asc
INFO: CURL_OUT_FILE: /var/cache/tb-binary/.cache/tb/files/tor-browser-linux-x86_64-13.0a5.tar.xz.asc
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   426  100   426    0     0    640      0 --:--:-- --:--:-- --:--:--   641
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
100   833  100   833    0     0    188      0  0:00:04  0:00:04 --:--:--   406
INFO: Downloading Tor Browser...
INFO: Downloading...: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/dist/torbrowser/13.0a5/tor-browser-linux-x86_64-13.0a5.tar.xz
INFO: CURL_OUT_FILE: /var/cache/tb-binary/.cache/tb/files/tor-browser-linux-x86_64-13.0a5.tar.xz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   422  100   422    0     0    586      0 --:--:-- --:--:-- --:--:--   587
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
100  113M  100  113M    0     0   129k      0  0:14:59  0:14:59 --:--:--  186k
INFO: Digital signature (GPG) verification... This will take a moment...
INFO: Using digital signature signing key by The Tor Project.
ERROR: Digital signature (GPG) could NOT be verified.
Tor Browser update failed! Try again later.

gpg_bash_lib_output_alright_status: false
gpg_bash_lib_output_failure: 

gpg_bash_lib_output_diagnostic_message:

gpg_bash_lib_internal_gpg_verify_status_fd_file: /var/cache/tb-binary/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_status_fd_file
gpg_bash_lib_internal_gpg_verify_output_file: /var/cache/tb-binary/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_output_file
gpg_bash_lib_output_gpg_import_output:
gpg: keybox '/var/cache/tb-binary/.cache/tb/gpgtmpdir/pubring.kbx' created
gpg: /var/cache/tb-binary/.cache/tb/gpgtmpdir/trustdb.gpg: trustdb created
gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) " imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg_bash_lib_output_gpg_verify_output:
gpg: Signature made Sun 24 Sep 2023 05:48:49 PM UTC
gpg:                using RSA key 613188FC5BE2176E3ED54901E53D989A9E2D47BF
gpg: Good signature from "Tor Browser Developers (signing key) " [ultimate]
gpg: Note: This key has expired!
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
     Subkey fingerprint: 6131 88FC 5BE2 176E 3ED5  4901 E53D 989A 9E2D 47BF
gpg_bash_lib_output_gpg_verify_status_fd_output:
[GNUPG:] NEWSIG
[GNUPG:] KEYEXPIRED 1535109984
[GNUPG:] KEYEXPIRED 1641301932
[GNUPG:] KEYEXPIRED 1694951612
[GNUPG:] KEYEXPIRED 1503660390
[GNUPG:] KEYEXPIRED 1503660203
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] KEYEXPIRED 1694951612
[GNUPG:] SIG_ID qqgitKd9J9fcYI5Uc5a/9tpaUVk 2023-09-24 1695577729
[GNUPG:] KEYEXPIRED 1535109984
[GNUPG:] KEYEXPIRED 1641301932
[GNUPG:] KEYEXPIRED 1694951612
[GNUPG:] KEYEXPIRED 1503660390
[GNUPG:] KEYEXPIRED 1503660203
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] EXPKEYSIG E53D989A9E2D47BF Tor Browser Developers (signing key) 
[GNUPG:] VALIDSIG 613188FC5BE2176E3ED54901E53D989A9E2D47BF 2023-09-24 1695577729 0 4 0 1 10 00 EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
[GNUPG:] KEYEXPIRED 1535109984
[GNUPG:] KEYEXPIRED 1641301932
[GNUPG:] KEYEXPIRED 1694951612
[GNUPG:] KEYEXPIRED 1503660390
[GNUPG:] KEYEXPIRED 1503660203
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] KEYEXPIRED 1535109984
[GNUPG:] KEYEXPIRED 1641301932
[GNUPG:] KEYEXPIRED 1694951612
[GNUPG:] KEYEXPIRED 1503660390
[GNUPG:] KEYEXPIRED 1503660203
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] VERIFICATION_COMPLIANCE_MODE 23

tb-updater fails to update

Using the command update-torbrowser on a whonix-ws template fails with the following message:

failed to download dist.torproject.org/torbrowser/y/sha256sums-unsigned-build.txt.asc

TorBrowser doesn't start on fresh build, complains about tb-updater-first-boot.service

Context: Qubes OS 4.1, fresh whonix-workstation-17 build from yesterday. I'm pretty sure it applies to Qubes OS 4.2 too. Earlier template build (I tested one that had tb-updater 3:30.7-1 installed initially) and then updated later works fine.

When starting "Tor Browser (AnonDist)" in anon-whonix, I get this:
image
https://openqa.qubes-os.org/tests/91299#step/whonix_torbrowser/12

Note the "disabled; preset: enabled" part.

My guess is this commit causes service no longer being enabled by default. In earlier template build log I see:

2023-12-22 19:55:20.397292 +0000 build-templates-community: output: #####################################################################
2023-12-22 19:55:20.397337 +0000 build-templates-community: output: ## INFO: BEGIN: tb-updater postinst configure' '
2023-12-22 19:55:20.397411 +0000 build-templates-community: output: #####################################################################
2023-12-22 19:55:20.397470 +0000 build-templates-community: output: '
2023-12-22 19:55:20.397536 +0000 build-templates-community: output: + true 'INFO: debhelper beginning here.'
2023-12-22 19:55:20.397593 +0000 build-templates-community: output: + '[' configure = configure ']'
2023-12-22 19:55:20.397653 +0000 build-templates-community: output: + deb-systemd-helper unmask tb-updater-dispvm.service
2023-12-22 19:55:20.442114 +0000 build-templates-community: output: + deb-systemd-helper --quiet was-enabled tb-updater-dispvm.service
2023-12-22 19:55:20.469713 +0000 build-templates-community: output: + deb-systemd-helper enable tb-updater-dispvm.service
2023-12-22 19:55:20.493099 +0000 build-templates-community: output: Created symlink /etc/systemd/system/multi-user.target.wants/tb-updater-dispvm.service -> /lib/systemd/system/tb-updater-dispvm.service.
2023-12-22 19:55:20.494409 +0000 build-templates-community: output: + '[' configure = configure ']'
2023-12-22 19:55:20.494426 +0000 build-templates-community: output: + deb-systemd-helper unmask tb-updater-first-boot.service
2023-12-22 19:55:20.514821 +0000 build-templates-community: output: + deb-systemd-helper --quiet was-enabled tb-updater-first-boot.service
2023-12-22 19:55:20.543535 +0000 build-templates-community: output: + deb-systemd-helper enable tb-updater-first-boot.service
2023-12-22 19:55:20.578945 +0000 build-templates-community: output: Created symlink /etc/systemd/system/multi-user.target.wants/tb-updater-first-boot.service -> /lib/systemd/system/tb-updater-first-boot.service.

But in a recent build log this part is gone. Likely dh-systemd didn't detected services to enable at the package build time.

Qubes template update fails with tb-updater

Using Qubes Updater or terminal in debian-10 template, for several days:

...
Do you want to continue? [Y/n] y
Setting up tb-updater (3:19.3-1) ...
/etc/torbrowser.d/50_user.conf: line 3: syntax error near unexpected token `“extensions.torbutton.startup”,'
/etc/torbrowser.d/50_user.conf: line 3: `user_pref(“extensions.torbutton.startup”, false)'
###########################################################
## update-torbrowser script bug.
## No panic. Nothing is broken. Just some rare condition
## has been hit. Try again later. There is likely a
## solution for this problem. Please see the Whonix News,
## Whonix User Help Forum and Whonix Documentation.
## https://www.whonix.org/wiki/
## Please report this bug!
##
## BASH_COMMAND: bash -n "$i"
## exit_code: 2
##
## output: 
## output_opts: 
## progressbaridx: 
##
## Experts only:
## bash -x update-torbrowser
###########################################################

####################################################################
## BEGIN ERROR in /var/lib/dpkg/info/tb-updater.postinst detected!
##
## ERROR LOG:
## See above.
##
## BASH_COMMAND: $tool $chroot_maybe --postinst
## EXIT_CODE: 1
##
## END ERROR in /var/lib/dpkg/info/tb-updater.postinst detected!
## Please report this bug!
####################################################################

dpkg: error processing package tb-updater (--configure):
 installed tb-updater package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 tb-updater
E: Sub-process /usr/bin/dpkg returned an error code (1)

link to whonix signing key -> 404

Very small issue.

While trying to install tb-updater for Secbrowser, I noticed that the link in the instructions to download the Whonix Signing Key gets a 404 error.

The wget instructions work just fine.

tb-updater do not populate home directory at first boot

On Qubes 4.0, tor browser isn't copied into user home directory on first VM startup.
It is caused by this code:
https://github.com/Whonix/tb-updater/blob/1766f0222e6502f5b43d9e4938a64ca8a24b500d/usr/lib/tb-updater/first-boot-home-population#L10-L14

The flag file is stored in /var/cache (which is shared between TemplateVM and TemplateBasedVMs), so if home directory is populated in the template itself (if for any reason check for being TemplateVM fails), then no further TemplateBasedVM will receive tor browser. Especially, this breaks DispVMs based on whonix-ws-dvm, because it tries to download tor browser at each start.

I'm not sure why check for TemplateVM fails, but regardless of investigating it, I propose moving flag file into user home (something that have the same persistence property as actual provisioned tor browser).

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.