freedomofpress / securedrop

GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!
https://securedrop.org/

install.sh appears mostly broken for admins using Tails 2.0.1 #1251

Closed heartsucker closed 8 years ago

heartsucker commented 8 years ago

After running ansible with zero errors, the following things the script claims to do not happen.

And I'm not sure what caused it (didn't have time to look at the script at the moment), but ssh to the servers doesn't work because of some sort of SOCKS errors. I'm guessing this has something to do with the torrc, but I can dig more tomorrow.

My env:

Tails 2.0.1
amnesia@amnesia:~/Persistent/securedrop/install_files/ansible-base$ python --version
Python 2.7.9
amnesia@amnesia:~/Persistent/securedrop/install_files/ansible-base$ ansible --version
ansible 1.7.2
amnesia@amnesia:~/Persistent/securedrop/install_files/ansible-base$ uname -a
Linux amnesia 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64 GNU/Linux

Output from install.sh.

amnesia@amnesia:~/Persistent/securedrop/tails_files$ sudo ./install.sh
[sudo] password for amnesia:
Hit tor+http://security.debian.org jessie/updates InRelease
Get:1 tor+http://deb.tails.boum.org 2.0.1 InRelease
Hit tor+http://security.debian.org jessie/updates/main i386 Packages
Hit tor+http://security.debian.org jessie/updates/contrib i386 Packages
Get:2 tor+http://deb.tails.boum.org 2.0.1/main i386 Packages
Hit tor+http://security.debian.org jessie/updates/non-free i386 Packages
Hit tor+http://security.debian.org jessie/updates/contrib Translation-en
Hit tor+http://deb.torproject.org obfs4proxy InRelease
Get:3 tor+http://deb.tails.boum.org 2.0.1/main Translation-en
Hit tor+http://security.debian.org jessie/updates/main Translation-en
Hit tor+http://security.debian.org jessie/updates/non-free Translation-en
Hit tor+http://deb.torproject.org jessie InRelease
Hit tor+http://deb.torproject.org sid InRelease
Ign tor+http://deb.tails.boum.org 2.0.1/main Translation-en
Hit tor+http://deb.torproject.org obfs4proxy/main i386 Packages
Get:4 tor+http://deb.torproject.org obfs4proxy/main Translation-en
Hit tor+http://deb.torproject.org jessie/main i386 Packages
Get:5 tor+http://deb.torproject.org jessie/main Translation-en
Hit tor+http://deb.torproject.org sid/main i386 Packages
Get:6 tor+http://deb.torproject.org sid/main Translation-en
Ign tor+http://deb.torproject.org obfs4proxy/main Translation-en
Ign tor+http://deb.torproject.org jessie/main Translation-en
Ign tor+http://deb.torproject.org sid/main Translation-en
Get:7 tor+http://ftp.us.debian.org jessie InRelease
Ign tor+http://ftp.us.debian.org jessie InRelease
Get:8 tor+http://ftp.us.debian.org jessie-backports InRelease
Get:9 tor+http://ftp.us.debian.org unstable InRelease
Get:10 tor+http://ftp.us.debian.org testing InRelease
Hit tor+http://ftp.us.debian.org jessie Release.gpg
Get:11 tor+http://ftp.us.debian.org experimental/main i386 Packages/DiffIndex
Get:12 tor+http://ftp.us.debian.org experimental/main Translation-en/DiffIndex
Get:13 tor+http://ftp.us.debian.org jessie-backports/main i386 Packages/DiffIndex
Get:14 tor+http://ftp.us.debian.org jessie-backports/contrib i386 Packages/DiffIndex
Get:15 tor+http://ftp.us.debian.org jessie-backports/non-free i386 Packages/DiffIndex
Get:16 tor+http://ftp.us.debian.org jessie-backports/contrib Translation-en/DiffIndex
Get:17 tor+http://ftp.us.debian.org jessie-backports/main Translation-en/DiffIndex
Get:18 tor+http://ftp.us.debian.org jessie-backports/non-free Translation-en/DiffIndex
Get:19 tor+http://ftp.us.debian.org unstable/main i386 Packages/DiffIndex
Get:20 tor+http://ftp.us.debian.org unstable/contrib i386 Packages/DiffIndex
Get:21 tor+http://ftp.us.debian.org unstable/non-free i386 Packages/DiffIndex
Get:22 tor+http://ftp.us.debian.org unstable/contrib Translation-en/DiffIndex
Get:23 tor+http://ftp.us.debian.org unstable/main Translation-en/DiffIndex
Get:24 tor+http://ftp.us.debian.org unstable/non-free Translation-en/DiffIndex
Get:25 tor+http://ftp.us.debian.org testing/main i386 Packages/DiffIndex
Get:26 tor+http://ftp.us.debian.org testing/contrib i386 Packages/DiffIndex
Get:27 tor+http://ftp.us.debian.org testing/non-free i386 Packages/DiffIndex
Get:28 tor+http://ftp.us.debian.org testing/contrib Translation-en/DiffIndex
Get:29 tor+http://ftp.us.debian.org testing/main Translation-en/DiffIndex
Get:30 tor+http://ftp.us.debian.org testing/non-free Translation-en/DiffIndex
Hit tor+http://ftp.us.debian.org jessie Release
Get:31 tor+http://ftp.us.debian.org experimental/main i386 2016-03-04-2052.11.pdiff
Get:32 tor+http://ftp.us.debian.org experimental/main i386 2016-03-05-0252.10.pdiff
Get:33 tor+http://ftp.us.debian.org experimental/main i386 2016-03-05-0852.38.pdiff
Get:34 tor+http://ftp.us.debian.org experimental/main i386 2016-03-05-1453.58.pdiff
Get:35 tor+http://ftp.us.debian.org experimental/main i386 2016-03-05-1453.58.pdiff [14.5 kB]
Get:36 tor+http://ftp.us.debian.org experimental/main 2016-03-04-2052.11.pdiff
Get:37 tor+http://ftp.us.debian.org experimental/main 2016-03-05-0252.10.pdiff
Get:38 tor+http://ftp.us.debian.org experimental/main 2016-03-05-0852.38.pdiff
Get:39 tor+http://ftp.us.debian.org experimental/main 2016-03-05-1453.58.pdiff
Get:40 tor+http://ftp.us.debian.org experimental/main 2016-03-05-1453.58.pdiff [1,039 B]
Get:41 tor+http://ftp.us.debian.org jessie-backports/main i386 2016-03-04-2052.11.pdiff
Get:42 tor+http://ftp.us.debian.org jessie-backports/main i386 2016-03-05-0252.10.pdiff
Get:43 tor+http://ftp.us.debian.org jessie-backports/main i386 2016-03-05-0852.38.pdiff
Get:44 tor+http://ftp.us.debian.org jessie-backports/main i386 2016-03-05-0852.38.pdiff [243 B]
Get:45 tor+http://ftp.us.debian.org unstable/main i386 2016-03-04-2052.11.pdiff
Get:46 tor+http://ftp.us.debian.org unstable/main i386 2016-03-05-0252.10.pdiff
Get:47 tor+http://ftp.us.debian.org unstable/main i386 2016-03-05-0852.38.pdiff
Get:48 tor+http://ftp.us.debian.org unstable/main i386 2016-03-05-1453.58.pdiff
Get:49 tor+http://ftp.us.debian.org unstable/main i386 2016-03-05-1453.58.pdiff [13.1 kB]
Get:50 tor+http://ftp.us.debian.org unstable/contrib i386 2016-03-05-1453.58.pdiff
Get:51 tor+http://ftp.us.debian.org unstable/non-free i386 2016-03-05-1453.58.pdiff
Get:52 tor+http://ftp.us.debian.org unstable/main 2016-03-04-2052.11.pdiff
Get:53 tor+http://ftp.us.debian.org unstable/contrib i386 2016-03-05-1453.58.pdiff [1,875 B]
Get:54 tor+http://ftp.us.debian.org unstable/non-free i386 2016-03-05-1453.58.pdiff [406 B]
Get:55 tor+http://ftp.us.debian.org unstable/main 2016-03-05-0252.10.pdiff
Get:56 tor+http://ftp.us.debian.org unstable/main 2016-03-05-0852.38.pdiff
Get:57 tor+http://ftp.us.debian.org unstable/main 2016-03-05-1453.58.pdiff
Get:58 tor+http://ftp.us.debian.org unstable/main 2016-03-05-1453.58.pdiff [669 B]
Get:59 tor+http://ftp.us.debian.org testing/main i386 2016-03-05-0252.10.pdiff
Get:60 tor+http://ftp.us.debian.org testing/main i386 2016-03-05-1453.58.pdiff
Get:61 tor+http://ftp.us.debian.org testing/main i386 2016-03-05-1453.58.pdiff [34.0 kB]
Get:62 tor+http://ftp.us.debian.org testing/non-free i386 2016-03-05-0252.10.pdiff
Get:63 tor+http://ftp.us.debian.org testing/contrib 2016-03-05-0252.10.pdiff
Get:64 tor+http://ftp.us.debian.org testing/main 2016-03-05-0252.10.pdiff
Get:65 tor+http://ftp.us.debian.org testing/non-free i386 2016-03-05-0252.10.pdiff [383 B]
Get:66 tor+http://ftp.us.debian.org testing/contrib 2016-03-05-0252.10.pdiff [362 B]
Get:67 tor+http://ftp.us.debian.org testing/main 2016-03-05-1453.58.pdiff
Get:68 tor+http://ftp.us.debian.org testing/main 2016-03-05-1453.58.pdiff [1,975 B]
Get:69 tor+http://ftp.us.debian.org testing/non-free 2016-03-05-0252.10.pdiff
Hit tor+http://ftp.us.debian.org jessie/main i386 Packages
Get:70 tor+http://ftp.us.debian.org testing/non-free 2016-03-05-0252.10.pdiff [512 B]
Hit tor+http://ftp.us.debian.org jessie/contrib i386 Packages
Hit tor+http://ftp.us.debian.org jessie/non-free i386 Packages
Hit tor+http://ftp.us.debian.org jessie/contrib Translation-en
Hit tor+http://ftp.us.debian.org jessie/main Translation-en
Hit tor+http://ftp.us.debian.org jessie/non-free Translation-en
Fetched 1,485 kB in 47s (31.3 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  dpkg-dev g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin
libc6 libc6-dev libcilkrts5 libgcc-4.9-dev libitm1 libstdc++-4.9-dev
libubsan0
  linux-libc-dev make
Suggested packages:
  debian-keyring g++-multilib g++-4.9-multilib gcc-4.9-doc
libstdc++6-4.9-dbg gcc-multilib manpages-dev autoconf automake libtool
flex bison gdb gcc-doc
  gcc-4.9-multilib gcc-4.9-locales libgcc1-dbg libgomp1-dbg libitm1-dbg
libatomic1-dbg libasan1-dbg liblsan0-dbg libtsan0-dbg libubsan0-dbg
libcilkrts5-dbg
  libquadmath0-dbg glibc-doc libstdc++-4.9-doc make-doc
Recommended packages:
  fakeroot libalgorithm-merge-perl libc6-i686
The following NEW packages will be installed:
  build-essential dpkg-dev g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1
libc-dev-bin libc6-dev libcilkrts5 libgcc-4.9-dev libitm1
libstdc++-4.9-dev libubsan0
  linux-libc-dev make
The following packages will be upgraded:
  libc6
1 upgraded, 17 newly installed, 0 to remove and 47 not upgraded.
Need to get 0 B/37.2 MB of archives.
After this operation, 97.0 MB of additional disk space will be used.
Preconfiguring packages ...
(Reading database ... 143658 files and directories currently installed.)
Preparing to unpack .../libc6_2.19-18+deb8u3_i386.deb ...
Unpacking libc6:i386 (2.19-18+deb8u3) over (2.19-18+deb8u2) ...
Setting up libc6:i386 (2.19-18+deb8u3) ...
Processing triggers for libc-bin (2.19-18+deb8u2) ...
Selecting previously unselected package libasan1:i386.
(Reading database ... 143658 files and directories currently installed.)
Preparing to unpack .../libasan1_4.9.2-10_i386.deb ...
Unpacking libasan1:i386 (4.9.2-10) ...
Selecting previously unselected package libatomic1:i386.
Preparing to unpack .../libatomic1_4.9.2-10_i386.deb ...
Unpacking libatomic1:i386 (4.9.2-10) ...
Selecting previously unselected package libcilkrts5:i386.
Preparing to unpack .../libcilkrts5_4.9.2-10_i386.deb ...
Unpacking libcilkrts5:i386 (4.9.2-10) ...
Selecting previously unselected package libitm1:i386.
Preparing to unpack .../libitm1_4.9.2-10_i386.deb ...
Unpacking libitm1:i386 (4.9.2-10) ...
Selecting previously unselected package libubsan0:i386.
Preparing to unpack .../libubsan0_4.9.2-10_i386.deb ...
Unpacking libubsan0:i386 (4.9.2-10) ...
Selecting previously unselected package libc-dev-bin.
Preparing to unpack .../libc-dev-bin_2.19-18+deb8u3_i386.deb ...
Unpacking libc-dev-bin (2.19-18+deb8u3) ...
Selecting previously unselected package linux-libc-dev:i386.
Preparing to unpack .../linux-libc-dev_3.16.7-ckt20-1+deb8u4_i386.deb ...
Unpacking linux-libc-dev:i386 (3.16.7-ckt20-1+deb8u4) ...
Selecting previously unselected package libc6-dev:i386.
Preparing to unpack .../libc6-dev_2.19-18+deb8u3_i386.deb ...
Unpacking libc6-dev:i386 (2.19-18+deb8u3) ...
Selecting previously unselected package libgcc-4.9-dev:i386.
Preparing to unpack .../libgcc-4.9-dev_4.9.2-10_i386.deb ...
Unpacking libgcc-4.9-dev:i386 (4.9.2-10) ...
Selecting previously unselected package gcc-4.9.
Preparing to unpack .../gcc-4.9_4.9.2-10_i386.deb ...
Unpacking gcc-4.9 (4.9.2-10) ...
Selecting previously unselected package gcc.
Preparing to unpack .../gcc_4%3a4.9.2-2_i386.deb ...
Unpacking gcc (4:4.9.2-2) ...
Selecting previously unselected package libstdc++-4.9-dev:i386.
Preparing to unpack .../libstdc++-4.9-dev_4.9.2-10_i386.deb ...
Unpacking libstdc++-4.9-dev:i386 (4.9.2-10) ...
Selecting previously unselected package g++-4.9.
Preparing to unpack .../g++-4.9_4.9.2-10_i386.deb ...
Unpacking g++-4.9 (4.9.2-10) ...
Selecting previously unselected package g++.
Preparing to unpack .../g++_4%3a4.9.2-2_i386.deb ...
Unpacking g++ (4:4.9.2-2) ...
Selecting previously unselected package make.
Preparing to unpack .../archives/make_4.0-8.1_i386.deb ...
Unpacking make (4.0-8.1) ...
Selecting previously unselected package dpkg-dev.
Preparing to unpack .../dpkg-dev_1.17.26_all.deb ...
Unpacking dpkg-dev (1.17.26) ...
Selecting previously unselected package build-essential.
Preparing to unpack .../build-essential_11.7_i386.deb ...
Unpacking build-essential (11.7) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up libasan1:i386 (4.9.2-10) ...
Setting up libatomic1:i386 (4.9.2-10) ...
Setting up libcilkrts5:i386 (4.9.2-10) ...
Setting up libitm1:i386 (4.9.2-10) ...
Setting up libubsan0:i386 (4.9.2-10) ...
Setting up libc-dev-bin (2.19-18+deb8u3) ...
Setting up linux-libc-dev:i386 (3.16.7-ckt20-1+deb8u4) ...
Setting up libc6-dev:i386 (2.19-18+deb8u3) ...
Setting up libgcc-4.9-dev:i386 (4.9.2-10) ...
Setting up gcc-4.9 (4.9.2-10) ...
Setting up gcc (4:4.9.2-2) ...
Setting up libstdc++-4.9-dev:i386 (4.9.2-10) ...
Setting up g++-4.9 (4.9.2-10) ...
Setting up g++ (4:4.9.2-2) ...
update-alternatives: using /usr/bin/g++ to provide /usr/bin/c++ (c++) in
auto mode
Setting up make (4.0-8.1) ...
Setting up dpkg-dev (1.17.26) ...
Setting up build-essential (11.7) ...
Processing triggers for libc-bin (2.19-18+deb8u2) ...
Job for tor.service failed. See 'systemctl status tor.service' and
'journalctl -xn' for details.

Successfully configured the persistent initialization script for
SecureDrop's Tor configuration!
You will see a notification appear in the top-right corner of your
screen when it runs.

systemctl status tor.service shows nothing useful, and journalctl -xn shows nothing at all.

ageis commented 8 years ago

@ehartsuyker We're aware of the latter two issues you mention; this is because the current version of our documentation on ReadTheDocs is based on the develop branch of SecureDrop on GitHub, which has some discrepancies with 0.3.6. In the meantime, I personally recommend that people run the version of ./tails_files/install.sh from the develop branch in order to get the SSH aliases and shortcut icons, and then switch back to 0.3.6. Or you can just write the SSH aliases manually. With regard to Tor not starting, that is unexpected and we'd like to investigate and obtain more information. It may be related either to the Sandbox directive or to the HidServAuth strings not being formatted correctly. Can you get anything useful out of /var/log/tor? Does torrc appear valid?

heartsucker commented 8 years ago

@ageis Ah, sorry if this is a duplicate then. I was in a rush to get out of my flat last night (which is about to explain my lack of useful logs). Anywho.

Tor was able to start up again when I rebooted Tails. Also, it was still running after the script finished, so I attempted to restart it with systemctl, and that caused it to fail and be unable to start up again. On the next boot, Tor crashed and didn't start, then Tails crashed. On the next boot, vidalia didn't start, and I tried to start it from the terminal; that crashed (no logs anywhere), but Tor was up and running. On this boot (the third), everything seems to be happy. This could be a Tails problem, but I've never seen any of these happen until I ran the script, so... Maybe related? Though that doesn't really make sense from looking at the script either. ¯\_(ツ)_/¯

And here's my /etc/tor/torrc.

## Configuration file for a typical Tor user
## Last updated 22 December 2007 for Tor 0.2.0.14-alpha.
## (May or may not work for much older or much newer versions of Tor.)
##
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
##
## See the man page, or https://www.torproject.org/tor-manual-dev.html,
## for more options you can use in this file.
##
## Tor will look for this file in various places based on your platform:
## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#torrc

## Default SocksPort
SocksPort 127.0.0.1:9050 IsolateDestAddr IsolateDestPort
## SocksPort for the MUA
SocksPort 127.0.0.1:9061 IsolateDestAddr
## SocksPort for Tails-specific applications
SocksPort 127.0.0.1:9062 IsolateDestAddr IsolateDestPort
## SocksPort for the default web browser
SocksPort 127.0.0.1:9150 IsolateSOCKSAuth KeepAliveIsolateSOCKSAuth

## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SocksPolicy is set, we accept
## all (and only) requests from SocksListenAddress.
#SocksPolicy accept 192.168.0.0/16
#SocksPolicy reject *

## Logs go to stdout at level "notice" unless redirected by something
## else, like one of the below lines. You can have as many Log lines as
## you want.
##
## We advise using "notice" in most cases, since anything more verbose
## may provide sensitive information to an attacker who obtains the logs.
##
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
#Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles
#Log notice syslog
## To send all messages to stderr:
#Log debug stderr

## Uncomment this to start the process in the background... or use
## --runasdaemon 1 on the command line. This is ignored on Windows;
## see the FAQ entry if you want Tor to run as an NT service.
#RunAsDaemon 1

## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
#DataDirectory /var/lib/tor

## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
ControlPort 9051
ControlListenAddress 127.0.0.1

############### This section is just for location-hidden services ###

## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.

#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80

#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22

################ This section is just for relays #####################
#
## See https://www.torproject.org/docs/tor-doc-relay for details.

## A unique handle for your server.
#Nickname ididnteditheconfig

## The IP or FQDN for your server. Leave commented out and Tor will guess.
#Address noname.example.com

## Define these to limit the bandwidth usage of relayed (server)
## traffic. Your own traffic is still unthrottled.
## Note that RelayBandwidthRate must be at least 20 KB.
#RelayBandwidthRate 100 KBytes  # Throttle traffic to 100KB/s (800Kbps)
#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB/s (1600Kbps)

## Contact info to be published in the directory, so we can contact you
## if your server is misconfigured or something else goes wrong.
#ContactInfo Random Person <nobody AT example dot com>
## You might also include your PGP or GPG fingerprint if you have one:
#ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com>

## Required: what port to advertise for Tor connections.
#ORPort 9001
## If you need to listen on a port other than the one advertised
## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the
## line below too. You'll need to do ipchains or other port forwarding
## yourself to make this work.
#ORListenAddress 0.0.0.0:9090

## Uncomment this to mirror directory information for others. Please do
## if you have enough bandwidth.
#DirPort 9030 # what port to advertise for directory connections
## If you need to listen on a port other than the one advertised
## in DirPort (e.g. to advertise 80 but bind to 9091), uncomment the line
## below too. You'll need to do ipchains or other port forwarding yourself
## to make this work.
#DirListenAddress 0.0.0.0:9091

## Uncomment this if you run more than one Tor server, and add the
## nickname of each Tor server you control, even if they're on different
## networks. You declare it here so Tor clients can avoid using more than
## one of your servers in a single circuit. See
## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#MultipleServers
#MyFamily nickname1,nickname2,...

## A comma-separated list of exit policies. They're considered first
## to last, and the first match wins. If you want to _replace_
## the default exit policy, end this with either a reject *:* or an
## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
## default exit policy. Leave commented to just use the default, which is
## available in the man page or at https://www.torproject.org/documentation.html
##
## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
## for issues you might encounter if you use the default exit policy.
##
## If certain IPs and ports are blocked externally, e.g. by your firewall,
## you should update your exit policy to reflect this -- otherwise Tor
## users will be told that those destinations are down.
##
#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
#ExitPolicy accept *:119 # accept nntp as well as default exit policy
#ExitPolicy reject *:* # no exits allowed
#
################ This section is just for bridge relays ##############
#
## Bridge relays (or "bridges" ) are Tor relays that aren't listed in the
## main directory. Since there is no complete public list of them, even if an
## ISP is filtering connections to all the known Tor relays, they probably
## won't be able to block all the bridges. Unlike running an exit relay,
## running a bridge relay just passes data to and from the Tor network --
## so it shouldn't expose the operator to abuse complaints.

#ORPort 443
#BridgeRelay 1
#RelayBandwidthRate 50KBytes
#ExitPolicy reject *:*

################ Local settings ########################################

## Torified DNS
DNSPort 5353
AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit,.onion

## Transparent proxy
TransPort 9040
TransListenAddress 127.0.0.1

## Misc
AvoidDiskWrites 1

## We don't care if applications do their own DNS lookups since our Tor
## enforcement will handle it safely.
WarnUnsafeSocks 0

## Disable default warnings on StartTLS for email. Let's not train our
## users to click through security warnings.
WarnPlaintextPorts 23,109
Sandbox 1
# Add the HidServAuth lines for your authenticated hidden services here.
# When you're done, save the file and quit the editor.
# REDACTED
# REDACTED
# REDACTED

The only diff between this and /etc/tor/torrc.bak is the bottom few lines about the hidden service auth.

/home/amnesia/.vidalia/torrc is empty.
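
One way to answer the "Does torrc appear valid?" question from this thread without pasting the secret lines, as an added example that is not part of the original thread or of SecureDrop's code: a small POSIX shell linter that reports an active `Sandbox` directive and malformed `HidServAuth` lines by line number only. It assumes the v2-era syntax from the tor manual (`HidServAuth onion-address auth-cookie [service-name]`, 16-character base32 address, 22-character base64 cookie); the function names and the sample address and cookie are constructed.

```shell
#!/bin/sh
# Added example (not SecureDrop code): lint a torrc for the two suspects named
# in the thread, an active Sandbox directive and malformed HidServAuth lines.
# Assumes v2-era syntax: HidServAuth onion-address auth-cookie [service-name]

# lint_torrc [FILE]  reads FILE (or stdin); prints findings by line number
# only, never the address or cookie; returns 1 if a HidServAuth line is bad.
lint_torrc() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF from copy/paste
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # comments and blanks are inactive
        { key = tolower($1) }                     # option names are case-insensitive
        key == "sandbox" && $2 == "1" {
            printf "line %d: note: Sandbox 1 is active\n", NR
        }
        key == "hidservauth" {
            seen++
            if (length($2) != 22 || $2 !~ "^[a-z2-7]+[.]onion$") {
                printf "line %d: bad onion address\n", NR; bad++
            } else if (length($3) != 22 || $3 !~ "^[A-Za-z0-9+/]+$") {
                printf "line %d: bad auth cookie\n", NR; bad++
            }
        }
        END {
            if (!seen) print "note: no active HidServAuth line"
            exit (bad ? 1 : 0)
        }
    ' "$@"
}

# Constructed sample: tail of a torrc shaped like the one posted above,
# with a made-up address and cookie in place of the redacted lines.
sample_good() {
    cat <<'EOF'
WarnPlaintextPorts 23,109
Sandbox 1
# Add the HidServAuth lines for your authenticated hidden services here.
HidServAuth abcdefghij234567.onion ABCDEFGHIJKLMNOPQRSTUV
EOF
}

# Constructed sample with two typical copy/paste mistakes: a URL scheme in
# front of the address, and a truncated cookie. The commented line is ignored.
sample_bad() {
    cat <<'EOF'
Sandbox 1
HidServAuth http://abcdefghij234567.onion ABCDEFGHIJKLMNOPQRSTUV
hidservauth abcdefghij234567.onion tooshort
#HidServAuth disabled.onion ignored
EOF
}

for s in sample_good sample_bad; do
    echo "== $s"
    "$s" | lint_torrc || echo "   -> fix the lines above before restarting tor"
done
```

Tor's own `--verify-config` option (`tor --verify-config -f /etc/tor/torrc`) checks the file as a whole with tor's parser.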

conorsch commented 8 years ago

Looks like this issue is caused by a misconfiguration of the network hooks that bootstrap the SecureDrop ATHS values. See #1277 (merged into develop) for details. Leaving this issue open pending closer scrutiny.

garrettr commented 8 years ago

@heartsucker FYI, we're planning on issuing a point release, 0.3.7, to address the issues with tails_files/install.sh and Tails 2.x very soon.

ageis commented 8 years ago

The first problem mentioned here is directly related to https://github.com/freedomofpress/securedrop/issues/1281. Regret that we didn't catch that sooner, but as @garrettr said the fixes are coming.

garrettr commented 8 years ago

> we're planning on issuing a point release, 0.3.7, to address the issues with tails_files/install.sh and Tails 2.x very soon.

To give an update on timing: it's looking like we'll be able to release 0.3.7 sometime next week.

garrettr commented 8 years ago

This issue was resolved in 0.3.7 thanks to #1309, #1318, #1303, and #1317.