Closed DAD405 closed 1 year ago
evilaliv3
commented
1 year ago Hello @DAD405
I think your system kernel could possibilty not support Apparmor that is now a mandatory requirement of our standard setup.
I suggest you to create a file /etc/default/globaleaks with written:
APPARMOR_SANDBOXING=0This will enforce globaleaks to not use apparmor.
After creating the file please try to run/reinstall globaleaks
DAD405
commented
1 year ago Done a lot of tests, got some findings but no solution
TLDR Version first: Tested APPARMOR_SANDBOXING=0 in /etc/default/globaleaks - no success but a new error on installation regarding permissions. (This error is not fixed by now) Tested for apparmor on the System and looks like it does run now (was disabled at boot) Tested installation again with old setting - no success but a same error on installation regarding permissions. (This error is not fixed by now) same behavior as before: manual start with sudo globaleaks brings https Website up but no tor
I'm sorry for the long wall of text below , had hope to figure it out but now I'm back to square one
any idea aprechiated.
Altered file /etc/default/globaleaks to
# This is a configuration file for /etc/init.d/globaleaks;
# it allows you to perform common modifications to the behavior
# of the globaleaks daemon.
#
# Default settings can be found at: /usr/share/globaleaks/default
APPARMOR_SANDBOXING=0uninstalled globaleaks by :
sudo apt remove globaleaks
sudo apt autoremove
suto rebootchecked content of File /etc/default/globaleaks still the same as above
tryed reinstal with
[...]@Globaleaks:~ $ sudo ./install-globaleaks.sh
Running the GlobaLeaks installation...
In case of failure please report encountered issues to the ticketing system at: https://github.com/globaleaks/GlobaLeaks/issues
Detected OS: Debian - bullseye
Running: "/etc/init.d/globaleaks stop"... SUCCESS
Running: "apt-get -y update"... SUCCESS
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
tzdata is already the newest version (2021a-1+deb11u8).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Current default time zone: 'Europe/Berlin'
Local time is now: Mon Jan 16 15:25:29 CET 2023.
Universal Time is now: Mon Jan 16 14:25:29 UTC 2023.
Running: "apt-get -y install curl gnupg net-tools software-properties-common"... SUCCESS
Running: "is_tcp_sock_free_check 0.0.0.0:80"... SUCCESS
Running: "is_tcp_sock_free_check 0.0.0.0:443"... SUCCESS
Running: "is_tcp_sock_free_check 127.0.0.1:8082"... SUCCESS
Running: "is_tcp_sock_free_check 127.0.0.1:8083"... SUCCESS
+ required TCP sockets open
Adding GlobaLeaks PGP key to trusted APT keys
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
100 5519 100 5519 0 0 37801 0 --:--:-- --:--:-- --:--:-- 38062
OK
Updating GlobaLeaks apt source.list in /etc/apt/sources.list.d/globaleaks.list ...
Running: "apt-get update -y"... SUCCESS
Running: "apt-get install globaleaks -y"... FAIL
Ouch! The installation failed.
COMBINED STDOUT/STDERR OUTPUT OF FAILED COMMAND:
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
geoip-database iptables libgeoip1 libip6tc2 libnetfilter-conntrack3
libnfnetlink0 libsodium23 python3-acme python3-attr python3-automat
python3-bcrypt python3-click python3-colorama python3-constantly
python3-debian python3-geoip python3-gnupg python3-h2 python3-hamcrest
python3-hpack python3-hyperframe python3-hyperlink python3-incremental
python3-josepy python3-nacl python3-priority python3-pyasn1
python3-pyasn1-modules python3-requests-toolbelt python3-rfc3339
python3-service-identity python3-sqlalchemy python3-sqlalchemy-ext
python3-twisted python3-twisted-bin python3-txtorcon python3-tz
python3-zope.interface
Suggested packages:
firewalld geoip-bin python-acme-doc python-attr-doc python-nacl-doc
python-sqlalchemy-doc python3-fdb python3-pymssql python3-mysqldb
python3-psycopg2 python3-tk python3-pampy python3-qt4 python3-serial
python3-wxgtk2.8 python3-twisted-bin-dbg
The following NEW packages will be installed:
geoip-database globaleaks iptables libgeoip1 libip6tc2
libnetfilter-conntrack3 libnfnetlink0 libsodium23 python3-acme python3-attr
python3-automat python3-bcrypt python3-click python3-colorama
python3-constantly python3-debian python3-geoip python3-gnupg python3-h2
python3-hamcrest python3-hpack python3-hyperframe python3-hyperlink
python3-incremental python3-josepy python3-nacl python3-priority
python3-pyasn1 python3-pyasn1-modules python3-requests-toolbelt
python3-rfc3339 python3-service-identity python3-sqlalchemy
python3-sqlalchemy-ext python3-twisted python3-twisted-bin python3-txtorcon
python3-tz python3-zope.interface
0 upgraded, 39 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/11.2 MB of archives.
After this operation, 54.2 MB of additional disk space will be used.
Selecting previously unselected package geoip-database.
(Reading database ... 38261 files and directories currently installed.)
Preparing to unpack .../00-geoip-database_20191224-3_all.deb ...
Unpacking geoip-database (20191224-3) ...
Selecting previously unselected package libip6tc2:arm64.
Preparing to unpack .../01-libip6tc2_1.8.7-1_arm64.deb ...
Unpacking libip6tc2:arm64 (1.8.7-1) ...
Selecting previously unselected package libnfnetlink0:arm64.
Preparing to unpack .../02-libnfnetlink0_1.0.1-3+b1_arm64.deb ...
Unpacking libnfnetlink0:arm64 (1.0.1-3+b1) ...
Selecting previously unselected package libnetfilter-conntrack3:arm64.
Preparing to unpack .../03-libnetfilter-conntrack3_1.0.8-3_arm64.deb ...
Unpacking libnetfilter-conntrack3:arm64 (1.0.8-3) ...
Selecting previously unselected package iptables.
Preparing to unpack .../04-iptables_1.8.7-1_arm64.deb ...
Unpacking iptables (1.8.7-1) ...
Selecting previously unselected package python3-josepy.
Preparing to unpack .../05-python3-josepy_1.2.0-2_all.deb ...
Unpacking python3-josepy (1.2.0-2) ...
Selecting previously unselected package python3-requests-toolbelt.
Preparing to unpack .../06-python3-requests-toolbelt_0.9.1-1_all.deb ...
Unpacking python3-requests-toolbelt (0.9.1-1) ...
Selecting previously unselected package python3-tz.
Preparing to unpack .../07-python3-tz_2021.1-1_all.deb ...
Unpacking python3-tz (2021.1-1) ...
Selecting previously unselected package python3-rfc3339.
Preparing to unpack .../08-python3-rfc3339_1.1-2_all.deb ...
Unpacking python3-rfc3339 (1.1-2) ...
Selecting previously unselected package python3-acme.
Preparing to unpack .../09-python3-acme_1.12.0-2_all.deb ...
Unpacking python3-acme (1.12.0-2) ...
Selecting previously unselected package python3-debian.
Preparing to unpack .../10-python3-debian_0.1.39_all.deb ...
Unpacking python3-debian (0.1.39) ...
Selecting previously unselected package python3-hpack.
Preparing to unpack .../11-python3-hpack_4.0.0-2_all.deb ...
Unpacking python3-hpack (4.0.0-2) ...
Selecting previously unselected package python3-hyperframe.
Preparing to unpack .../12-python3-hyperframe_6.0.0-1_all.deb ...
Unpacking python3-hyperframe (6.0.0-1) ...
Selecting previously unselected package python3-h2.
Preparing to unpack .../13-python3-h2_4.0.0-3_all.deb ...
Unpacking python3-h2 (4.0.0-3) ...
Selecting previously unselected package libsodium23:arm64.
Preparing to unpack .../14-libsodium23_1.0.18-1_arm64.deb ...
Unpacking libsodium23:arm64 (1.0.18-1) ...
Selecting previously unselected package python3-nacl.
Preparing to unpack .../15-python3-nacl_1.4.0-1+b1_arm64.deb ...
Unpacking python3-nacl (1.4.0-1+b1) ...
Selecting previously unselected package python3-gnupg.
Preparing to unpack .../16-python3-gnupg_0.4.6-1_all.deb ...
Unpacking python3-gnupg (0.4.6-1) ...
Selecting previously unselected package python3-priority.
Preparing to unpack .../17-python3-priority_1.3.0-3_all.deb ...
Unpacking python3-priority (1.3.0-3) ...
Selecting previously unselected package python3-sqlalchemy.
Preparing to unpack .../18-python3-sqlalchemy_1.3.22+ds1-1_all.deb ...
Unpacking python3-sqlalchemy (1.3.22+ds1-1) ...
Selecting previously unselected package python3-attr.
Preparing to unpack .../19-python3-attr_20.3.0-1_all.deb ...
Unpacking python3-attr (20.3.0-1) ...
Selecting previously unselected package python3-automat.
Preparing to unpack .../20-python3-automat_20.2.0-1_all.deb ...
Unpacking python3-automat (20.2.0-1) ...
Selecting previously unselected package python3-constantly.
Preparing to unpack .../21-python3-constantly_15.1.0-2_all.deb ...
Unpacking python3-constantly (15.1.0-2) ...
Selecting previously unselected package python3-hyperlink.
Preparing to unpack .../22-python3-hyperlink_19.0.0-2_all.deb ...
Unpacking python3-hyperlink (19.0.0-2) ...
Selecting previously unselected package python3-incremental.
Preparing to unpack .../23-python3-incremental_17.5.0-1_all.deb ...
Unpacking python3-incremental (17.5.0-1) ...
Selecting previously unselected package python3-zope.interface.
Preparing to unpack .../24-python3-zope.interface_5.2.0-1_arm64.deb ...
Unpacking python3-zope.interface (5.2.0-1) ...
Selecting previously unselected package python3-twisted-bin:arm64.
Preparing to unpack .../25-python3-twisted-bin_20.3.0-7+deb11u1_arm64.deb ...
Unpacking python3-twisted-bin:arm64 (20.3.0-7+deb11u1) ...
Selecting previously unselected package python3-pyasn1.
Preparing to unpack .../26-python3-pyasn1_0.4.8-1_all.deb ...
Unpacking python3-pyasn1 (0.4.8-1) ...
Selecting previously unselected package python3-pyasn1-modules.
Preparing to unpack .../27-python3-pyasn1-modules_0.2.1-1_all.deb ...
Unpacking python3-pyasn1-modules (0.2.1-1) ...
Selecting previously unselected package python3-service-identity.
Preparing to unpack .../28-python3-service-identity_18.1.0-6_all.deb ...
Unpacking python3-service-identity (18.1.0-6) ...
Selecting previously unselected package python3-hamcrest.
Preparing to unpack .../29-python3-hamcrest_1.9.0-3_all.deb ...
Unpacking python3-hamcrest (1.9.0-3) ...
Selecting previously unselected package python3-bcrypt.
Preparing to unpack .../30-python3-bcrypt_3.1.7-4_arm64.deb ...
Unpacking python3-bcrypt (3.1.7-4) ...
Selecting previously unselected package python3-twisted.
Preparing to unpack .../31-python3-twisted_20.3.0-7+deb11u1_all.deb ...
Unpacking python3-twisted (20.3.0-7+deb11u1) ...
Selecting previously unselected package libgeoip1:arm64.
Preparing to unpack .../32-libgeoip1_1.6.12-7_arm64.deb ...
Unpacking libgeoip1:arm64 (1.6.12-7) ...
Selecting previously unselected package python3-geoip.
Preparing to unpack .../33-python3-geoip_1.3.2-3+b3_arm64.deb ...
Unpacking python3-geoip (1.3.2-3+b3) ...
Selecting previously unselected package python3-txtorcon.
Preparing to unpack .../34-python3-txtorcon_20.0.0-1_all.deb ...
Unpacking python3-txtorcon (20.0.0-1) ...
Selecting previously unselected package globaleaks.
Preparing to unpack .../35-globaleaks_4.10.14_all.deb ...
Unpacking globaleaks (4.10.14) ...
Selecting previously unselected package python3-colorama.
Preparing to unpack .../36-python3-colorama_0.4.4-1_all.deb ...
Unpacking python3-colorama (0.4.4-1) ...
Selecting previously unselected package python3-click.
Preparing to unpack .../37-python3-click_7.1.2-1_all.deb ...
Unpacking python3-click (7.1.2-1) ...
Selecting previously unselected package python3-sqlalchemy-ext:arm64.
Preparing to unpack .../38-python3-sqlalchemy-ext_1.3.22+ds1-1_arm64.deb ...
Unpacking python3-sqlalchemy-ext:arm64 (1.3.22+ds1-1) ...
Setting up python3-attr (20.3.0-1) ...
Setting up python3-gnupg (0.4.6-1) ...
Setting up libsodium23:arm64 (1.0.18-1) ...
Setting up python3-requests-toolbelt (0.9.1-1) ...
Setting up python3-hyperframe (6.0.0-1) ...
Setting up python3-hpack (4.0.0-2) ...
Setting up python3-colorama (0.4.4-1) ...
Setting up python3-zope.interface (5.2.0-1) ...
Setting up libip6tc2:arm64 (1.8.7-1) ...
Setting up python3-bcrypt (3.1.7-4) ...
Setting up python3-automat (20.2.0-1) ...
Setting up python3-twisted-bin:arm64 (20.3.0-7+deb11u1) ...
Setting up python3-hamcrest (1.9.0-3) ...
Setting up python3-click (7.1.2-1) ...
Setting up python3-tz (2021.1-1) ...
Setting up python3-sqlalchemy (1.3.22+ds1-1) ...
Setting up python3-sqlalchemy-ext:arm64 (1.3.22+ds1-1) ...
Setting up python3-priority (1.3.0-3) ...
Setting up python3-incremental (17.5.0-1) ...
Setting up python3-debian (0.1.39) ...
Setting up python3-hyperlink (19.0.0-2) ...
Setting up python3-josepy (1.2.0-2) ...
Setting up libnfnetlink0:arm64 (1.0.1-3+b1) ...
Setting up libgeoip1:arm64 (1.6.12-7) ...
Setting up python3-pyasn1 (0.4.8-1) ...
Setting up python3-constantly (15.1.0-2) ...
Setting up python3-h2 (4.0.0-3) ...
Setting up geoip-database (20191224-3) ...
Setting up python3-rfc3339 (1.1-2) ...
Setting up python3-nacl (1.4.0-1+b1) ...
Setting up python3-acme (1.12.0-2) ...
Setting up python3-pyasn1-modules (0.2.1-1) ...
Setting up python3-service-identity (18.1.0-6) ...
Setting up libnetfilter-conntrack3:arm64 (1.0.8-3) ...
Setting up python3-geoip (1.3.2-3+b3) ...
Setting up iptables (1.8.7-1) ...
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in auto mode
update-alternatives: using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in auto mode
update-alternatives: using /usr/sbin/iptables-nft to provide /usr/sbin/iptables (iptables) in auto mode
update-alternatives: using /usr/sbin/ip6tables-nft to provide /usr/sbin/ip6tables (ip6tables) in auto mode
update-alternatives: using /usr/sbin/arptables-nft to provide /usr/sbin/arptables (arptables) in auto mode
update-alternatives: using /usr/sbin/ebtables-nft to provide /usr/sbin/ebtables (ebtables) in auto mode
Setting up python3-twisted (20.3.0-7+deb11u1) ...
Setting up python3-txtorcon (20.0.0-1) ...
Setting up globaleaks (4.10.14) ...
Job for globaleaks.service failed because the control process exited with error code.
See "systemctl status globaleaks.service" and "journalctl -xe" for details.
invoke-rc.d: initscript globaleaks, action "restart" failed.
● globaleaks.service - LSB: Start the GlobaLeaks server.
Loaded: loaded (/etc/init.d/globaleaks; generated)
Active: failed (Result: exit-code) since Mon 2023-01-16 15:26:27 CET; 17ms ago
Docs: man:systemd-sysv-generator(8)
Process: 2946 ExecStart=/etc/init.d/globaleaks start (code=exited, status=1/FAILURE)
CPU: 4.106s
Jan 16 15:26:27 Globaleaks globaleaks[3000]: File "/usr/lib/python3/dist-packages/globaleaks/state.py", line 134, in create_directory
Jan 16 15:26:27 Globaleaks globaleaks[3000]: raise excep
Jan 16 15:26:27 Globaleaks globaleaks[3000]: File "/usr/lib/python3/dist-packages/globaleaks/state.py", line 130, in create_directory
Jan 16 15:26:27 Globaleaks globaleaks[3000]: os.mkdir(path)
Jan 16 15:26:27 Globaleaks globaleaks[3000]: PermissionError: [Errno 13] Permission denied: '/var/globaleaks/files'
Jan 16 15:26:27 Globaleaks globaleaks[2946]: failed.
Jan 16 15:26:27 Globaleaks systemd[1]: globaleaks.service: Control process exited, code=exited, status=1/FAILURE
Jan 16 15:26:27 Globaleaks systemd[1]: globaleaks.service: Failed with result 'exit-code'.
Jan 16 15:26:27 Globaleaks systemd[1]: Failed to start LSB: Start the GlobaLeaks server..
Jan 16 15:26:27 Globaleaks systemd[1]: globaleaks.service: Consumed 4.106s CPU time.
dpkg: error processing package globaleaks (--configure):
installed globaleaks package post-installation script subprocess returned error exit status 1
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for libc-bin (2.31-13+rpt2+rpi1+deb11u5) ...
Errors were encountered while processing:
globaleaks
E: Sub-process /usr/bin/dpkg returned an error code (1)Globaleaks website not reachable. checked content of File /etc/default/globaleaks still the same as above started globyeaks by sudo globalekas
monitoring with top globaleaks shows up intemittend but looks like it is running.
https - Site is working Tor not working - Onion Site not found
On my part I will check for apparmor on Raspi with Debian Bulleye Kernel. This should work, maybe some config missing found https://forums.raspberrypi.com/viewtopic.php?t=332025
[...]@Globaleaks:~ $ aa-enabled
No - disabled at boot.
[...]@Globaleaks:~ $ sudo nano /boot/cmdline.txtAccording to raspberry-forum added lsm=apparmor to /boot/cmdline.txt done a reboot
[...]@Globaleaks:~ $ aa-status
apparmor module is loaded.
You do not have enough privilege to read the profile set.looks promising....
Altered sudo nano /etc/default/globaleaks to
# This is a configuration file for /etc/init.d/globaleaks;
# it allows you to perform common modifications to the behavior
# of the globaleaks daemon.
#
# Default settings can be found at: /usr/share/globaleaks/default
# APPARMOR_SANDBOXING=0Again Uninstallation-Dance
sudo apt remove globaleaks
sudo apt autoremove
suto rebootchecked aa-status -OK checked /etc/default/globaleaks - OK
OK reinstall...
[...]@Globaleaks:~ $ sudo ./install-globaleaks.sh
Running the GlobaLeaks installation...
In case of failure please report encountered issues to the ticketing system at: https://github.com/globaleaks/GlobaLeaks/issues
Detected OS: Debian - bullseye
Running: "/etc/init.d/globaleaks stop"... SUCCESS
Running: "apt-get -y update"... SUCCESS
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
tzdata is already the newest version (2021a-1+deb11u8).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Current default time zone: 'Europe/Berlin'
Local time is now: Mon Jan 16 16:15:16 CET 2023.
Universal Time is now: Mon Jan 16 15:15:16 UTC 2023.
Running: "apt-get -y install curl gnupg net-tools software-properties-common"... SUCCESS
Running: "is_tcp_sock_free_check 0.0.0.0:80"... SUCCESS
Running: "is_tcp_sock_free_check 0.0.0.0:443"... SUCCESS
Running: "is_tcp_sock_free_check 127.0.0.1:8082"... SUCCESS
Running: "is_tcp_sock_free_check 127.0.0.1:8083"... SUCCESS
+ required TCP sockets open
Adding GlobaLeaks PGP key to trusted APT keys
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
100 5519 100 5519 0 0 37040 0 --:--:-- --:--:-- --:--:-- 37040
OK
Updating GlobaLeaks apt source.list in /etc/apt/sources.list.d/globaleaks.list ...
Running: "apt-get update -y"... SUCCESS
Running: "apt-get install globaleaks -y"... FAIL
Ouch! The installation failed.
COMBINED STDOUT/STDERR OUTPUT OF FAILED COMMAND:
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
geoip-database iptables libgeoip1 libip6tc2 libnetfilter-conntrack3
libnfnetlink0 libsodium23 python3-acme python3-attr python3-automat
python3-bcrypt python3-click python3-colorama python3-constantly
python3-debian python3-geoip python3-gnupg python3-h2 python3-hamcrest
python3-hpack python3-hyperframe python3-hyperlink python3-incremental
python3-josepy python3-nacl python3-priority python3-pyasn1
python3-pyasn1-modules python3-requests-toolbelt python3-rfc3339
python3-service-identity python3-sqlalchemy python3-sqlalchemy-ext
python3-twisted python3-twisted-bin python3-txtorcon python3-tz
python3-zope.interface
Suggested packages:
firewalld geoip-bin python-acme-doc python-attr-doc python-nacl-doc
python-sqlalchemy-doc python3-fdb python3-pymssql python3-mysqldb
python3-psycopg2 python3-tk python3-pampy python3-qt4 python3-serial
python3-wxgtk2.8 python3-twisted-bin-dbg
The following NEW packages will be installed:
geoip-database globaleaks iptables libgeoip1 libip6tc2
libnetfilter-conntrack3 libnfnetlink0 libsodium23 python3-acme python3-attr
python3-automat python3-bcrypt python3-click python3-colorama
python3-constantly python3-debian python3-geoip python3-gnupg python3-h2
python3-hamcrest python3-hpack python3-hyperframe python3-hyperlink
python3-incremental python3-josepy python3-nacl python3-priority
python3-pyasn1 python3-pyasn1-modules python3-requests-toolbelt
python3-rfc3339 python3-service-identity python3-sqlalchemy
python3-sqlalchemy-ext python3-twisted python3-twisted-bin python3-txtorcon
python3-tz python3-zope.interface
0 upgraded, 39 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/11.2 MB of archives.
After this operation, 54.2 MB of additional disk space will be used.
Selecting previously unselected package geoip-database.
(Reading database ... 38261 files and directories currently installed.)
Preparing to unpack .../00-geoip-database_20191224-3_all.deb ...
Unpacking geoip-database (20191224-3) ...
Selecting previously unselected package libip6tc2:arm64.
Preparing to unpack .../01-libip6tc2_1.8.7-1_arm64.deb ...
Unpacking libip6tc2:arm64 (1.8.7-1) ...
Selecting previously unselected package libnfnetlink0:arm64.
Preparing to unpack .../02-libnfnetlink0_1.0.1-3+b1_arm64.deb ...
Unpacking libnfnetlink0:arm64 (1.0.1-3+b1) ...
Selecting previously unselected package libnetfilter-conntrack3:arm64.
Preparing to unpack .../03-libnetfilter-conntrack3_1.0.8-3_arm64.deb ...
Unpacking libnetfilter-conntrack3:arm64 (1.0.8-3) ...
Selecting previously unselected package iptables.
Preparing to unpack .../04-iptables_1.8.7-1_arm64.deb ...
Unpacking iptables (1.8.7-1) ...
Selecting previously unselected package python3-josepy.
Preparing to unpack .../05-python3-josepy_1.2.0-2_all.deb ...
Unpacking python3-josepy (1.2.0-2) ...
Selecting previously unselected package python3-requests-toolbelt.
Preparing to unpack .../06-python3-requests-toolbelt_0.9.1-1_all.deb ...
Unpacking python3-requests-toolbelt (0.9.1-1) ...
Selecting previously unselected package python3-tz.
Preparing to unpack .../07-python3-tz_2021.1-1_all.deb ...
Unpacking python3-tz (2021.1-1) ...
Selecting previously unselected package python3-rfc3339.
Preparing to unpack .../08-python3-rfc3339_1.1-2_all.deb ...
Unpacking python3-rfc3339 (1.1-2) ...
Selecting previously unselected package python3-acme.
Preparing to unpack .../09-python3-acme_1.12.0-2_all.deb ...
Unpacking python3-acme (1.12.0-2) ...
Selecting previously unselected package python3-debian.
Preparing to unpack .../10-python3-debian_0.1.39_all.deb ...
Unpacking python3-debian (0.1.39) ...
Selecting previously unselected package python3-hpack.
Preparing to unpack .../11-python3-hpack_4.0.0-2_all.deb ...
Unpacking python3-hpack (4.0.0-2) ...
Selecting previously unselected package python3-hyperframe.
Preparing to unpack .../12-python3-hyperframe_6.0.0-1_all.deb ...
Unpacking python3-hyperframe (6.0.0-1) ...
Selecting previously unselected package python3-h2.
Preparing to unpack .../13-python3-h2_4.0.0-3_all.deb ...
Unpacking python3-h2 (4.0.0-3) ...
Selecting previously unselected package libsodium23:arm64.
Preparing to unpack .../14-libsodium23_1.0.18-1_arm64.deb ...
Unpacking libsodium23:arm64 (1.0.18-1) ...
Selecting previously unselected package python3-nacl.
Preparing to unpack .../15-python3-nacl_1.4.0-1+b1_arm64.deb ...
Unpacking python3-nacl (1.4.0-1+b1) ...
Selecting previously unselected package python3-gnupg.
Preparing to unpack .../16-python3-gnupg_0.4.6-1_all.deb ...
Unpacking python3-gnupg (0.4.6-1) ...
Selecting previously unselected package python3-priority.
Preparing to unpack .../17-python3-priority_1.3.0-3_all.deb ...
Unpacking python3-priority (1.3.0-3) ...
Selecting previously unselected package python3-sqlalchemy.
Preparing to unpack .../18-python3-sqlalchemy_1.3.22+ds1-1_all.deb ...
Unpacking python3-sqlalchemy (1.3.22+ds1-1) ...
Selecting previously unselected package python3-attr.
Preparing to unpack .../19-python3-attr_20.3.0-1_all.deb ...
Unpacking python3-attr (20.3.0-1) ...
Selecting previously unselected package python3-automat.
Preparing to unpack .../20-python3-automat_20.2.0-1_all.deb ...
Unpacking python3-automat (20.2.0-1) ...
Selecting previously unselected package python3-constantly.
Preparing to unpack .../21-python3-constantly_15.1.0-2_all.deb ...
Unpacking python3-constantly (15.1.0-2) ...
Selecting previously unselected package python3-hyperlink.
Preparing to unpack .../22-python3-hyperlink_19.0.0-2_all.deb ...
Unpacking python3-hyperlink (19.0.0-2) ...
Selecting previously unselected package python3-incremental.
Preparing to unpack .../23-python3-incremental_17.5.0-1_all.deb ...
Unpacking python3-incremental (17.5.0-1) ...
Selecting previously unselected package python3-zope.interface.
Preparing to unpack .../24-python3-zope.interface_5.2.0-1_arm64.deb ...
Unpacking python3-zope.interface (5.2.0-1) ...
Selecting previously unselected package python3-twisted-bin:arm64.
Preparing to unpack .../25-python3-twisted-bin_20.3.0-7+deb11u1_arm64.deb ...
Unpacking python3-twisted-bin:arm64 (20.3.0-7+deb11u1) ...
Selecting previously unselected package python3-pyasn1.
Preparing to unpack .../26-python3-pyasn1_0.4.8-1_all.deb ...
Unpacking python3-pyasn1 (0.4.8-1) ...
Selecting previously unselected package python3-pyasn1-modules.
Preparing to unpack .../27-python3-pyasn1-modules_0.2.1-1_all.deb ...
Unpacking python3-pyasn1-modules (0.2.1-1) ...
Selecting previously unselected package python3-service-identity.
Preparing to unpack .../28-python3-service-identity_18.1.0-6_all.deb ...
Unpacking python3-service-identity (18.1.0-6) ...
Selecting previously unselected package python3-hamcrest.
Preparing to unpack .../29-python3-hamcrest_1.9.0-3_all.deb ...
Unpacking python3-hamcrest (1.9.0-3) ...
Selecting previously unselected package python3-bcrypt.
Preparing to unpack .../30-python3-bcrypt_3.1.7-4_arm64.deb ...
Unpacking python3-bcrypt (3.1.7-4) ...
Selecting previously unselected package python3-twisted.
Preparing to unpack .../31-python3-twisted_20.3.0-7+deb11u1_all.deb ...
Unpacking python3-twisted (20.3.0-7+deb11u1) ...
Selecting previously unselected package libgeoip1:arm64.
Preparing to unpack .../32-libgeoip1_1.6.12-7_arm64.deb ...
Unpacking libgeoip1:arm64 (1.6.12-7) ...
Selecting previously unselected package python3-geoip.
Preparing to unpack .../33-python3-geoip_1.3.2-3+b3_arm64.deb ...
Unpacking python3-geoip (1.3.2-3+b3) ...
Selecting previously unselected package python3-txtorcon.
Preparing to unpack .../34-python3-txtorcon_20.0.0-1_all.deb ...
Unpacking python3-txtorcon (20.0.0-1) ...
Selecting previously unselected package globaleaks.
Preparing to unpack .../35-globaleaks_4.10.14_all.deb ...
Unpacking globaleaks (4.10.14) ...
Selecting previously unselected package python3-colorama.
Preparing to unpack .../36-python3-colorama_0.4.4-1_all.deb ...
Unpacking python3-colorama (0.4.4-1) ...
Selecting previously unselected package python3-click.
Preparing to unpack .../37-python3-click_7.1.2-1_all.deb ...
Unpacking python3-click (7.1.2-1) ...
Selecting previously unselected package python3-sqlalchemy-ext:arm64.
Preparing to unpack .../38-python3-sqlalchemy-ext_1.3.22+ds1-1_arm64.deb ...
Unpacking python3-sqlalchemy-ext:arm64 (1.3.22+ds1-1) ...
Setting up python3-attr (20.3.0-1) ...
Setting up python3-gnupg (0.4.6-1) ...
Setting up libsodium23:arm64 (1.0.18-1) ...
Setting up python3-requests-toolbelt (0.9.1-1) ...
Setting up python3-hyperframe (6.0.0-1) ...
Setting up python3-hpack (4.0.0-2) ...
Setting up python3-colorama (0.4.4-1) ...
Setting up python3-zope.interface (5.2.0-1) ...
Setting up libip6tc2:arm64 (1.8.7-1) ...
Setting up python3-bcrypt (3.1.7-4) ...
Setting up python3-automat (20.2.0-1) ...
Setting up python3-twisted-bin:arm64 (20.3.0-7+deb11u1) ...
Setting up python3-hamcrest (1.9.0-3) ...
Setting up python3-click (7.1.2-1) ...
Setting up python3-tz (2021.1-1) ...
Setting up python3-sqlalchemy (1.3.22+ds1-1) ...
Setting up python3-sqlalchemy-ext:arm64 (1.3.22+ds1-1) ...
Setting up python3-priority (1.3.0-3) ...
Setting up python3-incremental (17.5.0-1) ...
Setting up python3-debian (0.1.39) ...
Setting up python3-hyperlink (19.0.0-2) ...
Setting up python3-josepy (1.2.0-2) ...
Setting up libnfnetlink0:arm64 (1.0.1-3+b1) ...
Setting up libgeoip1:arm64 (1.6.12-7) ...
Setting up python3-pyasn1 (0.4.8-1) ...
Setting up python3-constantly (15.1.0-2) ...
Setting up python3-h2 (4.0.0-3) ...
Setting up geoip-database (20191224-3) ...
Setting up python3-rfc3339 (1.1-2) ...
Setting up python3-nacl (1.4.0-1+b1) ...
Setting up python3-acme (1.12.0-2) ...
Setting up python3-pyasn1-modules (0.2.1-1) ...
Setting up python3-service-identity (18.1.0-6) ...
Setting up libnetfilter-conntrack3:arm64 (1.0.8-3) ...
Setting up python3-geoip (1.3.2-3+b3) ...
Setting up iptables (1.8.7-1) ...
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in auto mode
update-alternatives: using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in auto mode
update-alternatives: using /usr/sbin/iptables-nft to provide /usr/sbin/iptables (iptables) in auto mode
update-alternatives: using /usr/sbin/ip6tables-nft to provide /usr/sbin/ip6tables (ip6tables) in auto mode
update-alternatives: using /usr/sbin/arptables-nft to provide /usr/sbin/arptables (arptables) in auto mode
update-alternatives: using /usr/sbin/ebtables-nft to provide /usr/sbin/ebtables (ebtables) in auto mode
Setting up python3-twisted (20.3.0-7+deb11u1) ...
Setting up python3-txtorcon (20.0.0-1) ...
Setting up globaleaks (4.10.14) ...
Job for globaleaks.service failed because the control process exited with error code.
See "systemctl status globaleaks.service" and "journalctl -xe" for details.
invoke-rc.d: initscript globaleaks, action "restart" failed.
● globaleaks.service - LSB: Start the GlobaLeaks server.
Loaded: loaded (/etc/init.d/globaleaks; generated)
Active: failed (Result: exit-code) since Mon 2023-01-16 16:16:10 CET; 16ms ago
Docs: man:systemd-sysv-generator(8)
Process: 2914 ExecStart=/etc/init.d/globaleaks start (code=exited, status=1/FAILURE)
CPU: 4.145s
Jan 16 16:16:10 Globaleaks globaleaks[2970]: File "/usr/lib/python3/dist-packages/globaleaks/state.py", line 134, in create_directory
Jan 16 16:16:10 Globaleaks globaleaks[2970]: raise excep
Jan 16 16:16:10 Globaleaks globaleaks[2970]: File "/usr/lib/python3/dist-packages/globaleaks/state.py", line 130, in create_directory
Jan 16 16:16:10 Globaleaks globaleaks[2970]: os.mkdir(path)
Jan 16 16:16:10 Globaleaks globaleaks[2970]: PermissionError: [Errno 13] Permission denied: '/var/globaleaks/files'
Jan 16 16:16:10 Globaleaks globaleaks[2914]: failed.
Jan 16 16:16:10 Globaleaks systemd[1]: globaleaks.service: Control process exited, code=exited, status=1/FAILURE
Jan 16 16:16:10 Globaleaks systemd[1]: globaleaks.service: Failed with result 'exit-code'.
Jan 16 16:16:10 Globaleaks systemd[1]: Failed to start LSB: Start the GlobaLeaks server..
Jan 16 16:16:10 Globaleaks systemd[1]: globaleaks.service: Consumed 4.145s CPU time.
dpkg: error processing package globaleaks (--configure):
installed globaleaks package post-installation script subprocess returned error exit status 1
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for libc-bin (2.31-13+rpt2+rpi1+deb11u5) ...
Errors were encountered while processing:
globaleaks
E: Sub-process /usr/bin/dpkg returned an error code (1)Hmm, Same error as above on first Try with disabled apparmor
First check - Webserver not reachable started with sudo globaleaks top shows same intermittend appearance at first glance (maybe a little more CPU load as before with apparmor disabled)
https again reachable onion site not reachable
I'm sorry for this long text, had hoped to figure it out but now I'm back to square one
any idea aprechiated.
DAD405
commented
1 year ago Sorry formatting gone wrong above is there a way to edit old Comments?
evilaliv3
commented
1 year ago Hello.
The apparmor problem seems fixed with my instructions because the application is running but failing.
The error on permissions is happening because probably you have manually loaded some data in /var/globaleaks.
This directory should have the permissions of the user and group: globaleaks
You can fix the permissions with the command:
chown globaleaks:globaleaks /var/globaleaks -R
In relation to your question on the possibility to edit previous comments, you could do it by clicking the three dot icon on the top right of each of your comments. Thank you if you could clean up your previous comments.
DAD405
commented
1 year ago ok tree dot menu showed something about an error earlyer will try to get the mess above more readable
applied your fix chown globaleaks:globaleaks /var/globaleaks -R and just tried a quick install but no complete success permission is fixed indeed
[...]@Globaleaks:~ $ sudo ./install-globaleaks.sh
Running the GlobaLeaks installation...
In case of failure please report encountered issues to the ticketing system at: https://github.com/globaleaks/GlobaLeaks/issues
Detected OS: Debian - bullseye
Running: "/etc/init.d/globaleaks stop"... SUCCESS
Running: "apt-get -y update"... SUCCESS
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
tzdata is already the newest version (2021a-1+deb11u8).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up globaleaks (4.10.14) ...
Current default time zone: 'Europe/Berlin'
Local time is now: Mon Jan 16 17:37:11 CET 2023.
Universal Time is now: Mon Jan 16 16:37:11 UTC 2023.
Running: "apt-get -y install curl gnupg net-tools software-properties-common"... SUCCESS
Running: "is_tcp_sock_free_check 0.0.0.0:80"... SUCCESS
Running: "is_tcp_sock_free_check 0.0.0.0:443"... SUCCESS
Running: "is_tcp_sock_free_check 127.0.0.1:8082"... SUCCESS
Running: "is_tcp_sock_free_check 127.0.0.1:8083"... SUCCESS
+ required TCP sockets open
Adding GlobaLeaks PGP key to trusted APT keys
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
100 5519 100 5519 0 0 36071 0 --:--:-- --:--:-- --:--:-- 36309
OK
Updating GlobaLeaks apt source.list in /etc/apt/sources.list.d/globaleaks.list ...
Running: "apt-get update -y"... SUCCESS
Running: "apt-get install globaleaks -y"... SUCCESS
Ouch! The installation is complete but GlobaLeaks failed to start.Same Problem persists Able to start manual by sudo globaleaks but no tor
DAD405
commented
1 year ago OK, cleaned up the mess in the Way gone part of my second answer should be mor readable now...
TLDR Status this morning:
No Globaleaks Autostart after a reboot can start globaleaks manualy TOR site not reachable
rebooted System to check Autorun - no success started globaleaks manualy - Website reachable, Tor nor Tryed to start Tor manualy by sudo TOR giving:
[...]@Globaleaks:~ $ sudo tor
Jan 17 10:20:21.057 [notice] Tor 0.4.5.16 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1n, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.31 as libc.
Jan 17 10:20:21.057 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Jan 17 10:20:21.057 [notice] Read configuration file "/etc/tor/torrc".
Jan 17 10:20:21.061 [notice] Opening Socks listener on 127.0.0.1:9050
Jan 17 10:20:21.061 [warn] Could not bind to 127.0.0.1:9050: Address already in use. Is Tor already running?
Jan 17 10:20:21.061 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
Jan 17 10:20:21.061 [err] Reading config failed--see warnings above.looks for me like Tor is running... maybe from Manual start? lets verify this rebooted system again to get a clean Base tryed to start TOR, same result
[...]@Globaleaks:~ $ sudo tor
Jan 17 10:22:17.326 [notice] Tor 0.4.5.16 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1n, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.31 as libc.
Jan 17 10:22:17.327 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Jan 17 10:22:17.327 [notice] Read configuration file "/etc/tor/torrc".
Jan 17 10:22:17.332 [notice] Opening Socks listener on 127.0.0.1:9050
Jan 17 10:22:17.333 [warn] Could not bind to 127.0.0.1:9050: Address already in use. Is Tor already running?
Jan 17 10:22:17.333 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
Jan 17 10:22:17.334 [err] Reading config failed--see warnings above.started globaleaks manualy by Sudo globaleaks Result: Website reachable - Torsite not found
Any Ideas apreciated
evilaliv3
commented
1 year ago Thank you for your feedback @DAD405
We advice to not try to start either globaleaks or tor manually.
You find Tor already running because tor is correctly auto-started by the system automatically via the init script. GlobaLeaks as well should start automatically and if not you should try to investigate its log to identify the reasons.
Plese check the file /var/globaleaks/log/globaleaks.log
DAD405
commented
1 year ago TLDR Status this time: looks like there is a Tor Problem
Important to note: startup-logs seem to correlate with manual startups at 10:20 and 10:23 from previous post no log at reboot time mentioned before
Below part of the log Leaving a lot of starting factory and stopping factory out looks like this ia the relevant part of /var/globaleaks/log/globaleaks.log
2023-01-17 09:12:21+0100 [-] Stopping factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f8ac9faf0>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f98049970>)
2023-01-17 09:42:21+0100 [-] Starting factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f98060820>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f8adb4a90>)
2023-01-17 09:42:21+0100 [-] Stopping factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f98060820>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f8adb4a90>)
2023-01-17 10:20:16+0100 [-] twistd 20.3.0 (/usr/bin/python3 3.9.2) starting up.
2023-01-17 10:20:16+0100 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2023-01-17 10:20:22+0100 [-] [E] Found an already initialized database version: 63
2023-01-17 10:20:23+0100 [-] Starting factory <Site object at 0x7f938d9bb0>
2023-01-17 10:20:23+0100 [-] [E] Failed to initialize Tor connection; error: Tor control port not open on /var/run/tor/control; waiting for Tor to become available
2023-01-17 10:20:23+0100 [-] GlobaLeaks is now running and accessible at the following urls:
2023-01-17 10:20:23+0100 [-] - [HTTP] --> http://hinweisgeber.i[...]t.de
2023-01-17 10:20:23+0100 [-] - [HTTPS] --> https://hinweisgeber.i[...]t.de
2023-01-17 10:20:23+0100 [-] - [Tor]: --> http://5yfg[...]cxrsumyurrtid.onion
2023-01-17 10:20:23+0100 [-] Starting factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f9101d1f0>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f91798be0>)
2023-01-17 10:20:24+0100 [-] Stopping factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f9101d1f0>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f91798be0>)
2023-01-17 10:23:00+0100 [-] twistd 20.3.0 (/usr/bin/python3 3.9.2) starting up.
2023-01-17 10:23:00+0100 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2023-01-17 10:23:06+0100 [-] [E] Found an already initialized database version: 63
2023-01-17 10:23:08+0100 [-] Starting factory <Site object at 0x7faa77e940>
2023-01-17 10:23:08+0100 [-] [E] Failed to initialize Tor connection; error: Tor control port not open on /var/run/tor/control; waiting for Tor to become available
2023-01-17 10:23:08+0100 [-] GlobaLeaks is now running and accessible at the following urls:
2023-01-17 10:23:08+0100 [-] - [HTTP] --> http://hinweisgeber.[...]t.de
2023-01-17 10:23:08+0100 [-] - [HTTPS] --> https://hinweisgeber.i[...]t.de
2023-01-17 10:23:08+0100 [-] - [Tor]: --> http://5yf[...]myurrtid.onion
2023-01-17 10:23:08+0100 [-] Starting factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7fa7ec01f0>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7fa862b970>)
2023-01-17 10:23:08+0100 [-] Stopping factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7fa7ec01f0>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7fa862b970>)
2023-01-17 10:53:08+0100 [-] Starting factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7fa50d3f70>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7fa5517700>)Would you please post logs of the applications and of dmesg when the application is started using our official init script?
DAD405
commented
1 year ago Sorry for late answer, daily work does not care of this Problem
done a fresh reboot to get clear base dmesg Log after reboot below
[...]@Globaleaks:~ $ dmesg
[ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x410fd083]
[ 0.000000] Linux version 5.15.84-v8+ (dom@buildbot) (aarch64-linux-gnu-gcc-8 (Ubuntu/Linaro 8.4.0-3ubuntu1) 8.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #1613 SMP PREEMPT Thu Jan 5 12:03:08 GMT 2023
[ 0.000000] random: crng init done
[ 0.000000] Machine model: Raspberry Pi 4 Model B Rev 1.1
[ 0.000000] efi: UEFI not found.
[ 0.000000] Reserved memory: created CMA memory pool at 0x000000001ac00000, size 320 MiB
[ 0.000000] OF: reserved mem: initialized node linux,cma, compatible id shared-dma-pool
[ 0.000000] Zone ranges:
[ 0.000000] DMA [mem 0x0000000000000000-0x000000003fffffff]
[ 0.000000] DMA32 [mem 0x0000000040000000-0x00000000fbffffff]
[ 0.000000] Normal empty
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x0000000000000000-0x000000003b3fffff]
[ 0.000000] node 0: [mem 0x0000000040000000-0x00000000fbffffff]
[ 0.000000] Initmem setup node 0 [mem 0x0000000000000000-0x00000000fbffffff]
[ 0.000000] On node 0, zone DMA32: 19456 pages in unavailable ranges
[ 0.000000] On node 0, zone DMA32: 16384 pages in unavailable ranges
[ 0.000000] percpu: Embedded 28 pages/cpu s77336 r8192 d29160 u114688
[ 0.000000] pcpu-alloc: s77336 r8192 d29160 u114688 alloc=28*4096
[ 0.000000] pcpu-alloc: [0] 0 [0] 1 [0] 2 [0] 3
[ 0.000000] Detected PIPT I-cache on CPU0
[ 0.000000] CPU features: detected: Spectre-v2
[ 0.000000] CPU features: detected: Spectre-v3a
[ 0.000000] CPU features: detected: Spectre-v4
[ 0.000000] CPU features: detected: Spectre-BHB
[ 0.000000] CPU features: kernel page table isolation forced ON by KASLR
[ 0.000000] CPU features: detected: Kernel page table isolation (KPTI)
[ 0.000000] CPU features: detected: ARM erratum 1742098
[ 0.000000] CPU features: detected: ARM errata 1165522, 1319367, or 1530923
[ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 996912
[ 0.000000] Kernel command line: coherent_pool=1M 8250.nr_uarts=0 snd_bcm2835.enable_compat_alsa=0 snd_bcm2835.enable_hdmi=1 smsc95xx.macaddr=DC:A6:32:46:E4:13 vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000 console=ttyS0,115200 console=tty1 root=PARTUUID=78b06005-02 rootfstype=ext4 fsck.repair=yes rootwait lsm=apparmor
[ 0.000000] Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes, linear)
[ 0.000000] Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes, linear)
[ 0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off
[ 0.000000] software IO TLB: mapped [mem 0x0000000037400000-0x000000003b400000] (64MB)
[ 0.000000] Memory: 3553972K/4050944K available (11520K kernel code, 1956K rwdata, 4136K rodata, 3776K init, 975K bss, 169292K reserved, 327680K cma-reserved)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[ 0.000000] ftrace: allocating 38065 entries in 149 pages
[ 0.000000] ftrace: allocated 149 pages with 4 groups
[ 0.000000] trace event string verifier disabled
[ 0.000000] rcu: Preemptible hierarchical RCU implementation.
[ 0.000000] rcu: RCU event tracing is enabled.
[ 0.000000] rcu: RCU restricting CPUs from NR_CPUS=256 to nr_cpu_ids=4.
[ 0.000000] Trampoline variant of Tasks RCU enabled.
[ 0.000000] Rude variant of Tasks RCU enabled.
[ 0.000000] Tracing variant of Tasks RCU enabled.
[ 0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies.
[ 0.000000] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=4
[ 0.000000] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
[ 0.000000] Root IRQ handler: gic_handle_irq
[ 0.000000] GIC: Using split EOI/Deactivate mode
[ 0.000000] irq_brcmstb_l2: registered L2 intc (/soc/interrupt-controller@7ef00100, parent irq: 10)
[ 0.000000] arch_timer: cp15 timer(s) running at 54.00MHz (phys).
[ 0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0xc743ce346, max_idle_ns: 440795203123 ns
[ 0.000001] sched_clock: 56 bits at 54MHz, resolution 18ns, wraps every 4398046511102ns
[ 0.000327] Console: colour dummy device 80x25
[ 0.000911] printk: console [tty1] enabled
[ 0.000979] Calibrating delay loop (skipped), value calculated using timer frequency.. 108.00 BogoMIPS (lpj=216000)
[ 0.001021] pid_max: default: 32768 minimum: 301
[ 0.001168] LSM: Security Framework initializing
[ 0.001285] AppArmor: AppArmor initialized
[ 0.001500] Mount-cache hash table entries: 8192 (order: 4, 65536 bytes, linear)
[ 0.001578] Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes, linear)
[ 0.002844] cgroup: Disabling memory control group subsystem
[ 0.005742] rcu: Hierarchical SRCU implementation.
[ 0.006849] EFI services will not be available.
[ 0.007386] smp: Bringing up secondary CPUs ...
[ 0.008564] Detected PIPT I-cache on CPU1
[ 0.008641] CPU1: Booted secondary processor 0x0000000001 [0x410fd083]
[ 0.009826] Detected PIPT I-cache on CPU2
[ 0.009875] CPU2: Booted secondary processor 0x0000000002 [0x410fd083]
[ 0.011018] Detected PIPT I-cache on CPU3
[ 0.011068] CPU3: Booted secondary processor 0x0000000003 [0x410fd083]
[ 0.011217] smp: Brought up 1 node, 4 CPUs
[ 0.011311] SMP: Total of 4 processors activated.
[ 0.011333] CPU features: detected: 32-bit EL0 Support
[ 0.011352] CPU features: detected: 32-bit EL1 Support
[ 0.011374] CPU features: detected: CRC32 instructions
[ 0.043554] CPU: All CPU(s) started at EL2
[ 0.043649] alternatives: patching kernel code
[ 0.045214] devtmpfs: initialized
[ 0.056339] Enabled cp15_barrier support
[ 0.056406] Enabled setend support
[ 0.056445] KASLR enabled
[ 0.056636] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
[ 0.056685] futex hash table entries: 1024 (order: 4, 65536 bytes, linear)
[ 0.065078] pinctrl core: initialized pinctrl subsystem
[ 0.065893] DMI not present or invalid.
[ 0.066588] NET: Registered PF_NETLINK/PF_ROUTE protocol family
[ 0.070289] DMA: preallocated 1024 KiB GFP_KERNEL pool for atomic allocations
[ 0.070622] DMA: preallocated 1024 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
[ 0.071562] DMA: preallocated 1024 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
[ 0.071657] audit: initializing netlink subsys (disabled)
[ 0.071950] audit: type=2000 audit(0.068:1): state=initialized audit_enabled=0 res=1
[ 0.072544] thermal_sys: Registered thermal governor 'step_wise'
[ 0.072784] cpuidle: using governor menu
[ 0.073103] hw-breakpoint: found 6 breakpoint and 4 watchpoint registers.
[ 0.073310] ASID allocator initialised with 32768 entries
[ 0.073477] Serial: AMBA PL011 UART driver
[ 0.085885] bcm2835-mbox fe00b880.mailbox: mailbox enabled
[ 0.112357] raspberrypi-firmware soc:firmware: Attached to firmware from 2023-01-05T10:46:54, variant start
[ 0.116372] raspberrypi-firmware soc:firmware: Firmware hash is 8ba17717fbcedd4c3b6d4bce7e50c7af4155cba9
[ 0.167974] bcm2835-dma fe007000.dma: DMA legacy API manager, dmachans=0x1
[ 0.172229] vgaarb: loaded
[ 0.172773] SCSI subsystem initialized
[ 0.173013] usbcore: registered new interface driver usbfs
[ 0.173080] usbcore: registered new interface driver hub
[ 0.173158] usbcore: registered new device driver usb
[ 0.173529] usb_phy_generic phy: supply vcc not found, using dummy regulator
[ 0.173749] usb_phy_generic phy: dummy supplies not allowed for exclusive requests
[ 0.174057] pps_core: LinuxPPS API ver. 1 registered
[ 0.174082] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
[ 0.174120] PTP clock support registered
[ 0.175562] clocksource: Switched to clocksource arch_sys_counter
[ 0.264113] VFS: Disk quotas dquot_6.6.0
[ 0.264244] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[ 0.264452] FS-Cache: Loaded
[ 0.264712] CacheFiles: Loaded
[ 0.265500] AppArmor: AppArmor Filesystem Enabled
[ 0.276514] NET: Registered PF_INET protocol family
[ 0.277057] IP idents hash table entries: 65536 (order: 7, 524288 bytes, linear)
[ 0.280610] tcp_listen_portaddr_hash hash table entries: 2048 (order: 3, 32768 bytes, linear)
[ 0.280698] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear)
[ sudo nano 0.280738] TCP established hash table entries: 32768 (order: 6, 262144 bytes, linear)
[ 0.280978] TCP bind hash table entries: 32768 (order: 7, 524288 bytes, linear)
[ 0.281471] TCP: Hash tables configured (established 32768 bind 32768)
[ 0.281718] UDP hash table entries: 2048 (order: 4, 65536 bytes, linear)
[ 0.281810] UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes, linear)
[ 0.282134] NET: Registered PF_UNIX/PF_LOCAL protocol family
[ 0.283144] RPC: Registered named UNIX socket transport module.
[ 0.283178] RPC: Registered udp transport module.
[ 0.283198] RPC: Registered tcp transport module.
[ 0.283217] RPC: Registered tcp NFSv4.1 backchannel transport module.
[ 0.283248] PCI: CLS 0 bytes, default 64
[ 0.286008] hw perfevents: enabled with armv8_cortex_a72 PMU driver, 7 counters available
[ 0.286353] kvm [1]: IPA Size Limit: 44 bits
[ 0.287580] kvm [1]: vgic interrupt IRQ9
[ 0.287872] kvm [1]: Hyp mode initialized successfully
[ 1.161871] Initialise system trusted keyrings
[ 1.162283] workingset: timestamp_bits=46 max_order=20 bucket_order=0
[ 1.169171] zbud: loaded
[ 1.171040] FS-Cache: Netfs 'nfs' registered for caching
[ 1.171779] NFS: Registering the id_resolver key type
[ 1.171834] Key type id_resolver registered
[ 1.171855] Key type id_legacy registered
[ 1.171969] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[ 1.171996] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
[ 1.173173] Key type asymmetric registered
[ 1.173201] Asymmetric key parser 'x509' registered
[ 1.173291] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 247)
[ 1.173567] io scheduler mq-deadline registered
[ 1.173594] io scheduler kyber registered
[ 1.181913] brcm-pcie fd500000.pcie: host bridge /scb/pcie@7d500000 ranges:
[ 1.181976] brcm-pcie fd500000.pcie: No bus range found for /scb/pcie@7d500000, using [bus 00-ff]
[ 1.182077] brcm-pcie fd500000.pcie: MEM 0x0600000000..0x063fffffff -> 0x00c0000000
[ 1.182172] brcm-pcie fd500000.pcie: IB MEM 0x0000000000..0x00bfffffff -> 0x0400000000
[ 1.229663] brcm-pcie fd500000.pcie: link up, 5.0 GT/s PCIe x1 (SSC)
[ 1.230043] brcm-pcie fd500000.pcie: PCI host bridge to bus 0000:00
[ 1.230074] pci_bus 0000:00: root bus resource [bus 00-ff]
[ 1.230103] pci_bus 0000:00: root bus resource [mem 0x600000000-0x63fffffff] (bus address [0xc0000000-0xffffffff])
[ 1.230205] pci 0000:00:00.0: [14e4:2711] type 01 class 0x060400
[ 1.230463] pci 0000:00:00.0: PME# supported from D0 D3hot
[ 1.234579] pci 0000:01:00.0: [1106:3483] type 00 class 0x0c0330
[ 1.234717] pci 0000:01:00.0: reg 0x10: [mem 0x00000000-0x00000fff 64bit]
[ 1.235153] pci 0000:01:00.0: PME# supported from D0 D3cold
[ 1.251016] pci 0000:00:00.0: BAR 8: assigned [mem 0x600000000-0x6000fffff]
[ 1.251058] pci 0000:01:00.0: BAR 0: assigned [mem 0x600000000-0x600000fff 64bit]
[ 1.251112] pci 0000:00:00.0: PCI bridge to [bus 01]
[ 1.251143] pci 0000:00:00.0: bridge window [mem 0x600000000-0x6000fffff]
[ 1.263123] iproc-rng200 fe104000.rng: hwrng registered
[ 1.263652] vc-mem: phys_addr:0x00000000 mem_base=0x3ec00000 mem_size:0x40000000(1024 MiB)
[ 1.265126] gpiomem-bcm2835 fe200000.gpiomem: Initialised: Registers at 0xfe200000
[ 1.277515] brd: module loaded
[ 1.287179] loop: module loaded
[ 1.288014] Loading iSCSI transport class v2.0-870.
[ 1.293098] bcmgenet fd580000.ethernet: GENET 5.0 EPHY: 0x0000
[ 1.355716] unimac-mdio unimac-mdio.-19: Broadcom UniMAC MDIO bus
[ 1.356839] usbcore: registered new interface driver r8152
[ 1.356920] usbcore: registered new interface driver lan78xx
[ 1.356994] usbcore: registered new interface driver smsc95xx
[ 1.358556] pci 0000:00:00.0: enabling device (0000 -> 0002)
[ 1.358609] xhci_hcd 0000:01:00.0: enabling device (0000 -> 0002)
[ 1.358721] xhci_hcd 0000:01:00.0: xHCI Host Controller
[ 1.358776] xhci_hcd 0000:01:00.0: new USB bus registered, assigned bus number 1
[ 1.359648] xhci_hcd 0000:01:00.0: hcc params 0x002841eb hci version 0x100 quirks 0x0001e40000000890
[ 1.360308] xhci_hcd 0000:01:00.0: xHCI Host Controller
[ 1.360344] xhci_hcd 0000:01:00.0: new USB bus registered, assigned bus number 2
[ 1.360382] xhci_hcd 0000:01:00.0: Host supports USB 3.0 SuperSpeed
[ 1.360798] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 5.15
[ 1.360836] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[ 1.360866] usb usb1: Product: xHCI Host Controller
[ 1.360890] usb usb1: Manufacturer: Linux 5.15.84-v8+ xhci-hcd
[ 1.360914] usb usb1: SerialNumber: 0000:01:00.0
[ 1.361645] hub 1-0:1.0: USB hub found
[ 1.361757] hub 1-0:1.0: 1 port detected
[ 1.362763] usb usb2: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 5.15
[ 1.362802] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[ 1.362831] usb usb2: Product: xHCI Host Controller
[ 1.362854] usb usb2: Manufacturer: Linux 5.15.84-v8+ xhci-hcd
[ 1.362878] usb usb2: SerialNumber: 0000:01:00.0
[ 1.363581] hub 2-0:1.0: USB hub found
[ 1.363662] hub 2-0:1.0: 4 ports detected
[ 1.365322] dwc_otg: version 3.00a 10-AUG-2012 (platform bus)
[ 1.365641] dwc_otg: FIQ enabled
[ 1.365652] dwc_otg: NAK holdoff enabled
[ 1.365662] dwc_otg: FIQ split-transaction FSM enabled
[ 1.365675] Module dwc_common_port init
[ 1.366219] usbcore: registered new interface driver uas
[ 1.366343] usbcore: registered new interface driver usb-storage
[ 1.366573] mousedev: PS/2 mouse device common for all mice
[ 1.371698] sdhci: Secure Digital Host Controller Interface driver
[ 1.371735] sdhci: Copyright(c) Pierre Ossman
[ 1.372373] sdhci-pltfm: SDHCI platform and OF driver helper
[ 1.375999] ledtrig-cpu: registered to indicate activity on CPUs
[ 1.376636] hid: raw HID events driver (C) Jiri Kosina
[ 1.376809] usbcore: registered new interface driver usbhid
[ 1.376833] usbhid: USB HID core driver
[ 1.377147] ashmem: initialized
[ 1.385784] NET: Registered PF_PACKET protocol family
[ 1.385945] Key type dns_resolver registered
[ 1.387098] registered taskstats version 1
[ 1.387159] Loading compiled-in X.509 certificates
[ 1.387917] Key type .fscrypt registered
[ 1.387947] Key type fscrypt-provisioning registered
[ 1.388091] AppArmor: AppArmor sha1 policy hashing enabled
[ 1.399143] uart-pl011 fe201000.serial: there is not valid maps for state default
[ 1.399478] uart-pl011 fe201000.serial: cts_event_workaround enabled
[ 1.399682] fe201000.serial: ttyAMA0 at MMIO 0xfe201000 (irq = 19, base_baud = 0) is a PL011 rev2
[ 1.408593] bcm2835-wdt bcm2835-wdt: Broadcom BCM2835 watchdog timer
[ 1.409083] bcm2835-power bcm2835-power: Broadcom BCM2835 power domains driver
[ 1.410243] mmc-bcm2835 fe300000.mmcnr: mmc_debug:0 mmc_debug2:0
[ 1.410276] mmc-bcm2835 fe300000.mmcnr: DMA channel allocated
[ 1.444778] of_cfs_init
[ 1.444947] of_cfs_init: OK
[ 1.475762] mmc0: SDHCI controller on fe340000.mmc [fe340000.mmc] using ADMA
[ 1.476114] Waiting for root device PARTUUID=78b06005-02...
[ 1.533722] mmc1: new high speed SDIO card at address 0001
[ 1.577893] mmc0: new ultra high speed DDR50 SDXC card at address aaaa
[ 1.578870] mmcblk0: mmc0:aaaa SN128 119 GiB
[ 1.582229] mmcblk0: p1 p2
[ 1.582799] mmcblk0: mmc0:aaaa SN128 119 GiB (quirks 0x00004000)
[ 1.618960] EXT4-fs (mmcblk0p2): mounted filesystem with ordered data mode. Opts: (null). Quota mode: none.
[ 1.619096] VFS: Mounted root (ext4 filesystem) readonly on device 179:2.
[ 1.619605] usb 1-1: new high-speed USB device number 2 using xhci_hcd
[ 1.626709] devtmpfs: mounted
[ 1.634560] Freeing unused kernel memory: 3776K
[ 1.634789] Run /sbin/init as init process
[ 1.634812] with arguments:
[ 1.634821] /sbin/init
[ 1.634831] with environment:
[ 1.634839] HOME=/
[ 1.634848] TERM=linux
[ 1.774252] usb 1-1: New USB device found, idVendor=2109, idProduct=3431, bcdDevice= 4.21
[ 1.774315] usb 1-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[ 1.774344] usb 1-1: Product: USB2.0 Hub
[ 1.776380] hub 1-1:1.0: USB hub found
[ 1.776714] hub 1-1:1.0: 4 ports detected
[ 2.088627] systemd[1]: System time before build time, advancing clock.
[ 2.286778] NET: Registered PF_INET6 protocol family
[ 2.288719] Segment Routing with IPv6
[ 2.288780] In-situ OAM (IOAM) with IPv6
[ 2.395588] systemd[1]: systemd 247.3-7+deb11u1 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified)
[ 2.396623] systemd[1]: Detected architecture arm64.
[ 2.410870] systemd[1]: Set hostname to <Globaleaks>.
[ 3.309981] systemd[1]: Queued start job for default target Graphical Interface.
[ 3.314771] systemd[1]: Created slice system-getty.slice.
[ 3.316590] systemd[1]: Created slice system-modprobe.slice.
[ 3.317888] systemd[1]: Created slice system-systemd\x2dfsck.slice.
[ 3.319159] systemd[1]: Created slice system-tor.slice.
[ 3.320402] systemd[1]: Created slice User and Session Slice.
[ 3.321241] systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
[ 3.322015] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
[ 3.323404] systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point.
[ 3.323984] systemd[1]: Reached target Local Encrypted Volumes.
[ 3.324490] systemd[1]: Reached target Paths.
[ 3.324912] systemd[1]: Reached target Slices.
[ 3.325306] systemd[1]: Reached target Swap.
[ 3.332177] systemd[1]: Listening on Syslog Socket.
[ 3.333350] systemd[1]: Listening on fsck to fsckd communication Socket.
[ 3.334040] systemd[1]: Listening on initctl Compatibility Named Pipe.
[ 3.335777] systemd[1]: Listening on Journal Audit Socket.
[ 3.336866] systemd[1]: Listening on Journal Socket (/dev/log).
[ 3.338142] systemd[1]: Listening on Journal Socket.
[ 3.340309] systemd[1]: Listening on udev Control Socket.
[ 3.341451] systemd[1]: Listening on udev Kernel Socket.
[ 3.342707] systemd[1]: Condition check resulted in Huge Pages File System being skipped.
[ 3.346756] systemd[1]: Mounting POSIX Message Queue File System...
[ 3.351955] systemd[1]: Mounting RPC Pipe File System...
[ 3.357820] systemd[1]: Mounting Kernel Debug File System...
[ 3.363413] systemd[1]: Mounting Kernel Trace File System...
[ 3.364373] systemd[1]: Condition check resulted in Kernel Module supporting RPCSEC_GSS being skipped.
[ 3.370324] systemd[1]: Starting Restore / save the current clock...
[ 3.375750] systemd[1]: Starting Set the console keyboard layout...
[ 3.382028] systemd[1]: Starting Create list of static device nodes for the current kernel...
[ 3.388408] systemd[1]: Starting Load Kernel Module configfs...
[ 3.394932] systemd[1]: Starting Load Kernel Module drm...
[ 3.401675] systemd[1]: Starting Load Kernel Module fuse...
[ 3.408672] systemd[1]: Condition check resulted in Set Up Additional Binary Formats being skipped.
[ 3.414069] systemd[1]: Starting File System Check on Root Device...
[ 3.424519] systemd[1]: Starting Journal Service...
[ 3.434323] systemd[1]: Starting Load Kernel Modules...
[ 3.440629] systemd[1]: Starting Coldplug All udev Devices...
[ 3.468110] systemd[1]: Mounted POSIX Message Queue File System.
[ 3.471959] systemd[1]: Mounted RPC Pipe File System.
[ 3.473549] systemd[1]: Mounted Kernel Debug File System.
[ 3.478313] systemd[1]: Mounted Kernel Trace File System.
[ 3.481481] systemd[1]: Finished Restore / save the current clock.
[ 3.484991] systemd[1]: Finished Create list of static device nodes for the current kernel.
[ 3.493274] fuse: init (API version 7.34)
[ 3.494547] systemd[1]: modprobe@configfs.service: Succeeded.
[ 3.496213] systemd[1]: Finished Load Kernel Module configfs.
[ 3.503966] systemd[1]: Mounting Kernel Configuration File System...
[ 3.508974] systemd[1]: Started File System Check Daemon to report status.
[ 3.515620] systemd[1]: modprobe@fuse.service: Succeeded.
[ 3.517336] systemd[1]: Finished Load Kernel Module fuse.
[ 3.528396] systemd[1]: Finished Load Kernel Modules.
[ 3.530024] systemd[1]: Mounted Kernel Configuration File System.
[ 3.536399] systemd[1]: Mounting FUSE Control File System...
[ 3.561028] systemd[1]: Starting Apply Kernel Variables...
[ 3.616891] systemd[1]: Mounted FUSE Control File System.
[ 3.642617] systemd[1]: Finished Apply Kernel Variables.
[ 3.650118] systemd[1]: modprobe@drm.service: Succeeded.
[ 3.651780] systemd[1]: Finished Load Kernel Module drm.
[ 3.750488] systemd[1]: Finished File System Check on Root Device.
[ 3.756026] systemd[1]: Starting Remount Root and Kernel File Systems...
[ 3.757105] systemd[1]: Started Journal Service.
[ 3.885225] EXT4-fs (mmcblk0p2): re-mounted. Opts: (null). Quota mode: none.
[ 3.933824] systemd-journald[145]: Received client request to flush runtime journal.
[ 3.938497] systemd-journald[145]: File /var/log/journal/24016df6f9e24cbfb090cfef47a36545/system.journal corrupted or uncleanly shut down, renaming and replacing.
[ 4.996966] mc: Linux media interface: v0.10
[ 5.042252] vc_sm_cma: module is from the staging directory, the quality is unknown, you have been warned.
[ 5.045269] bcm2835_vc_sm_cma_probe: Videocore shared memory driver
[ 5.045306] [vc_sm_connected_init]: start
[ 5.102158] [vc_sm_connected_init]: installed successfully
[ 5.176190] brcmstb-i2c fef04500.i2c: @97500hz registered in polling mode
[ 5.176855] brcmstb-i2c fef09500.i2c: @97500hz registered in polling mode
[ 5.200820] videodev: Linux video capture interface: v2.00
[ 5.315225] snd_bcm2835: module is from the staging directory, the quality is unknown, you have been warned.
[ 5.327473] bcm2835_audio bcm2835_audio: card created with 8 channels
[ 5.342120] bcm2835_mmal_vchiq: module is from the staging directory, the quality is unknown, you have been warned.
[ 5.378428] rpivid_hevc: module is from the staging directory, the quality is unknown, you have been warned.
[ 5.409999] bcm2835_isp: module is from the staging directory, the quality is unknown, you have been warned.
[ 5.415711] rpivid feb10000.codec: Device registered as /dev/video19
[ 5.422235] bcm2835-isp bcm2835-isp: Device node output[0] registered as /dev/video13
[ 5.422856] bcm2835-isp bcm2835-isp: Device node capture[0] registered as /dev/video14
[ 5.423398] bcm2835-isp bcm2835-isp: Device node capture[1] registered as /dev/video15
[ 5.423869] bcm2835-isp bcm2835-isp: Device node stats[2] registered as /dev/video16
[ 5.423909] bcm2835-isp bcm2835-isp: Register output node 0 with media controller
[ 5.423932] bcm2835-isp bcm2835-isp: Register capture node 1 with media controller
[ 5.423950] bcm2835-isp bcm2835-isp: Register capture node 2 with media controller
[ 5.423968] bcm2835-isp bcm2835-isp: Register capture node 3 with media controller
[ 5.432574] bcm2835-isp bcm2835-isp: Device node output[0] registered as /dev/video20
[ 5.433167] bcm2835-isp bcm2835-isp: Device node capture[0] registered as /dev/video21
[ 5.433732] bcm2835-isp bcm2835-isp: Device node capture[1] registered as /dev/video22
[ 5.437095] bcm2835-isp bcm2835-isp: Device node stats[2] registered as /dev/video23
[ 5.437143] bcm2835-isp bcm2835-isp: Register output node 0 with media controller
[ 5.437167] bcm2835-isp bcm2835-isp: Register capture node 1 with media controller
[ 5.437198] bcm2835-isp bcm2835-isp: Register capture node 2 with media controller
[ 5.437215] bcm2835-isp bcm2835-isp: Register capture node 3 with media controller
[ 5.437498] bcm2835-isp bcm2835-isp: Loaded V4L2 bcm2835-isp
[ 5.516146] bcm2835_codec: module is from the staging directory, the quality is unknown, you have been warned.
[ 5.531322] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 5.554190] [drm] Initialized v3d 1.0.0 20180419 for fec00000.v3d on minor 0
[ 5.571776] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 5.628877] cfg80211: loaded regulatory.db is malformed or signature is missing/invalid
[ 5.676015] bcm2835-codec bcm2835-codec: Device registered as /dev/video10
[ 5.676075] bcm2835-codec bcm2835-codec: Loaded V4L2 decode
[ 5.687686] bcm2835-codec bcm2835-codec: Device registered as /dev/video11
[ 5.687745] bcm2835-codec bcm2835-codec: Loaded V4L2 encode
[ 5.716424] bcm2835-codec bcm2835-codec: Device registered as /dev/video12
[ 5.716485] bcm2835-codec bcm2835-codec: Loaded V4L2 isp
[ 5.725537] bcm2835-codec bcm2835-codec: Device registered as /dev/video18
[ 5.725595] bcm2835-codec bcm2835-codec: Loaded V4L2 image_fx
[ 5.729098] bcm2835_v4l2: module is from the staging directory, the quality is unknown, you have been warned.
[ 5.732943] bcm2835-codec bcm2835-codec: Device registered as /dev/video31
[ 5.733002] bcm2835-codec bcm2835-codec: Loaded V4L2 encode_image
[ 6.015886] brcmfmac: F1 signature read @0x18000000=0x15264345
[ 6.046580] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
[ 6.088196] usbcore: registered new interface driver brcmfmac
[ 6.214052] audit: type=1400 audit(1674040718.803:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/man" pid=312 comm="apparmor_parser"
[ 6.214111] audit: type=1400 audit(1674040718.803:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="man_filter" pid=312 comm="apparmor_parser"
[ 6.214148] audit: type=1400 audit(1674040718.803:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="man_groff" pid=312 comm="apparmor_parser"
[ 6.227172] audit: type=1400 audit(1674040718.815:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lsb_release" pid=315 comm="apparmor_parser"
[ 6.236536] audit: type=1400 audit(1674040718.823:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="system_tor" pid=313 comm="apparmor_parser"
[ 6.240425] audit: type=1400 audit(1674040718.831:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="nvidia_modprobe" pid=318 comm="apparmor_parser"
[ 6.240490] audit: type=1400 audit(1674040718.831:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="nvidia_modprobe//kmod" pid=318 comm="apparmor_parser"
[ 6.248406] audit: type=1400 audit(1674040718.839:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="usr.bin.globaleaks" pid=314 comm="apparmor_parser"
[ 6.328583] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
[ 6.337537] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Nov 1 2021 00:37:25 version 7.45.241 (1a2f2fa CY) FWID 01-703fd60
[ 6.575805] vc4-drm gpu: bound fe400000.hvs (ops vc4_hvs_ops [vc4])
[ 6.582508] Registered IR keymap rc-cec
[ 6.583347] rc rc0: vc4 as /devices/platform/soc/fef00700.hdmi/rc/rc0
[ 6.584119] input: vc4 as /devices/platform/soc/fef00700.hdmi/rc/rc0/input0
[ 6.614284] vc4-drm gpu: bound fef00700.hdmi (ops vc4_hdmi_ops [vc4])
[ 6.630835] Registered IR keymap rc-cec
[ 6.637437] rc rc1: vc4 as /devices/platform/soc/fef05700.hdmi/rc/rc1
[ 6.637774] input: vc4 as /devices/platform/soc/fef05700.hdmi/rc/rc1/input1
[ 6.651451] vc4-drm gpu: bound fef05700.hdmi (ops vc4_hdmi_ops [vc4])
[ 6.652055] vc4-drm gpu: bound fe004000.txp (ops vc4_txp_ops [vc4])
[ 6.652536] vc4-drm gpu: bound fe206000.pixelvalve (ops vc4_crtc_ops [vc4])
[ 6.652897] vc4-drm gpu: bound fe207000.pixelvalve (ops vc4_crtc_ops [vc4])
[ 6.672898] vc4-drm gpu: bound fe20a000.pixelvalve (ops vc4_crtc_ops [vc4])
[ 6.673264] vc4-drm gpu: bound fe216000.pixelvalve (ops vc4_crtc_ops [vc4])
[ 6.673619] vc4-drm gpu: bound fec12000.pixelvalve (ops vc4_crtc_ops [vc4])
[ 6.693411] [drm] Initialized vc4 0.0.0 20140616 for gpu on minor 1
[ 6.693850] vc4-drm gpu: [drm] Cannot find any crtc or sizes
[ 7.129406] uart-pl011 fe201000.serial: no DMA platform data
[ 7.158978] 8021q: 802.1Q VLAN Support v1.8
[ 7.323209] Adding 102396k swap on /var/swap. Priority:-2 extents:2 across:110588k SSFS
[ 7.669808] brcmfmac: brcmf_cfg80211_set_power_mgmt: power save enabled
[ 8.166265] bcmgenet fd580000.ethernet: configuring instance for external RGMII (RX delay)
[ 8.167537] bcmgenet fd580000.ethernet eth0: Link is Down
[ 13.283727] bcmgenet fd580000.ethernet eth0: Link is Up - 1Gbps/Full - flow control off
[ 13.283768] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 14.405629] ICMPv6: process `dhcpcd' is using deprecated sysctl (syscall) net.ipv6.neigh.eth0.retrans_time - use net.ipv6.neigh.eth0.retrans_time_ms instead
[ 16.120602] Bluetooth: Core ver 2.22
[ 16.120702] NET: Registered PF_BLUETOOTH protocol family
[ 16.120707] Bluetooth: HCI device and connection manager initialized
[ 16.120726] Bluetooth: HCI socket layer initialized
[ 16.120734] Bluetooth: L2CAP socket layer initialized
[ 16.120748] Bluetooth: SCO socket layer initialized
[ 16.129879] Bluetooth: HCI UART driver ver 2.3
[ 16.129902] Bluetooth: HCI UART protocol H4 registered
[ 16.129969] Bluetooth: HCI UART protocol Three-wire (H5) registered
[ 16.130136] Bluetooth: HCI UART protocol Broadcom registered
[ 16.477518] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[ 16.477538] Bluetooth: BNEP filters: protocol multicast
[ 16.477553] Bluetooth: BNEP socket layer initialized
[ 16.495792] NET: Registered PF_ALG protocol family
[ 16.867706] vc4-drm gpu: [drm] Cannot find any crtc or sizes
[ 31.715641] cam-dummy-reg: disablingStatus at this time: Globaleaks not started automatically.
Tryed again to install using sudo ./install-globaleaks.sh
[...]@Globaleaks:~ $ sudo ./install-globaleaks.sh
Running the GlobaLeaks installation...
In case of failure please report encountered issues to the ticketing system at: https://github.com/globaleaks/GlobaLeaks/issues
Detected OS: Debian - bullseye
Running: "/etc/init.d/globaleaks stop"... SUCCESS
Running: "apt-get -y update"... SUCCESS
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
tzdata is already the newest version (2021a-1+deb11u8).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Current default time zone: 'Europe/Berlin'
Local time is now: Wed Jan 18 12:32:39 CET 2023.
Universal Time is now: Wed Jan 18 11:32:39 UTC 2023.
Running: "apt-get -y install curl gnupg net-tools software-properties-common"... SUCCESS
Running: "is_tcp_sock_free_check 0.0.0.0:80"... SUCCESS
Running: "is_tcp_sock_free_check 0.0.0.0:443"... SUCCESS
Running: "is_tcp_sock_free_check 127.0.0.1:8082"... SUCCESS
Running: "is_tcp_sock_free_check 127.0.0.1:8083"... SUCCESS
+ required TCP sockets open
Adding GlobaLeaks PGP key to trusted APT keys
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
100 5519 100 5519 0 0 37040 0 --:--:-- --:--:-- --:--:-- 37040
OK
Updating GlobaLeaks apt source.list in /etc/apt/sources.list.d/globaleaks.list ...
Running: "apt-get update -y"... SUCCESS
Running: "apt-get install globaleaks -y"... SUCCESS
Ouch! The installation is complete but GlobaLeaks failed to start.No Entrys at /var/globaleaks/log/globaleaks.log since reboot
2023-01-18 08:53:08+0100 [-] Starting factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7fa5157b80>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7fa523c1c0>)
2023-01-18 08:53:08+0100 [-] Stopping factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7fa5157b80>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7fa523c1c0>)
2023-01-18 09:23:08+0100 [-] Starting factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7fa5530af0>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7fa51a93a0>)
2023-01-18 09:23:08+0100 [-] Stopping factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7fa5530af0>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7fa51a93a0>)Could you please point me to the other Applications-Log you need? Did not Know what init script you are refering to.
I'm again able to start globaleaks manualy by sudo globaleaks Status after manual start as before: Website reachable, but no Tor-Site
evilaliv3
commented
1 year ago Thank you @DAD405
I would like to clarify again that you should NEVER run globaleaks manually. By running it manually the application is launched as root and is started improperly. The appliccation as well will end setting improper permissions on the files in /var-/globaleaks cauising subsequent failures.
To solve the issue you should identify why the official init script is not working.
I invite you to stop your current manual run of globaleaks and run:
/etc/init.d/globaleaks restart
Then if globaleaks will fail to start, like the system will inform you, you should run:
journalctl -xe
This command will provide you debug information that could possibly clarify the reason of the failure. Thank you if you could upload this information.
DAD405
commented
1 year ago done a fresh reboot to get clear baseline verified globaleaks is not running
one Try with sudo
admin@Globaleaks:~ $ sudo /etc/init.d/globaleaks restart
Restarting globaleaks (via systemctl): globaleaks.serviceJob for globaleaks.service failed because the control process exited with error code.
See "systemctl status globaleaks.service" and "journalctl -xe" for details.
failed!Output of
[...]@Globaleaks:~ $ sudo journalctl -xe
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit globaleaks.service has finished with a failure.
░░
░░ The job identifier is 914 and the job result is failed.
Jan 18 16:17:50 Globaleaks systemd[1]: globaleaks.service: Consumed 4.180s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit globaleaks.service completed and consumed the indicated resources.
Jan 18 16:17:50 Globaleaks sudo[933]: pam_unix(sudo:session): session closed for user root
Jan 18 16:17:57 Globaleaks sshd[1000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49 user=root
Jan 18 16:17:57 Globaleaks sshd[1002]: error: kex_exchange_identification: read: Connection reset by peer
Jan 18 16:17:57 Globaleaks sshd[1002]: Connection reset by 121.173.59.61 port 7310
Jan 18 16:17:59 Globaleaks sshd[1000]: Failed password for root from 61.177.173.49 port 12730 ssh2
Jan 18 16:18:03 Globaleaks sshd[1000]: Failed password for root from 61.177.173.49 port 12730 ssh2
Jan 18 16:18:06 Globaleaks sshd[1000]: Failed password for root from 61.177.173.49 port 12730 ssh2
Jan 18 16:18:06 Globaleaks sshd[1000]: Received disconnect from 61.177.173.49 port 12730:11: [preauth]
Jan 18 16:18:06 Globaleaks sshd[1000]: Disconnected from authenticating user root 61.177.173.49 port 12730 [preauth]
Jan 18 16:18:06 Globaleaks sshd[1000]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49 user=root
Jan 18 16:18:09 Globaleaks sshd[1003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49 user=root
Jan 18 16:18:11 Globaleaks sshd[1003]: Failed password for root from 61.177.173.49 port 30035 ssh2
Jan 18 16:18:15 Globaleaks sshd[1003]: Failed password for root from 61.177.173.49 port 30035 ssh2
Jan 18 16:18:18 Globaleaks sshd[1003]: Failed password for root from 61.177.173.49 port 30035 ssh2
Jan 18 16:18:18 Globaleaks sshd[1003]: Received disconnect from 61.177.173.49 port 30035:11: [preauth]
Jan 18 16:18:18 Globaleaks sshd[1003]: Disconnected from authenticating user root 61.177.173.49 port 30035 [preauth]
Jan 18 16:18:18 Globaleaks sshd[1003]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49 user=root
Jan 18 16:18:22 Globaleaks sshd[1005]: Invalid user pi from 195.226.194.142 port 49320
Jan 18 16:18:22 Globaleaks sshd[1005]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:18:22 Globaleaks sshd[1005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 18 16:18:24 Globaleaks sshd[1005]: Failed password for invalid user pi from 195.226.194.142 port 49320 ssh2
Jan 18 16:18:24 Globaleaks sshd[1005]: Received disconnect from 195.226.194.142 port 49320:11: Bye Bye [preauth]
Jan 18 16:18:24 Globaleaks sshd[1005]: Disconnected from invalid user pi 195.226.194.142 port 49320 [preauth]
Jan 18 16:18:38 Globaleaks sshd[1007]: Invalid user ftpuser from 185.81.68.174 port 46003
Jan 18 16:18:38 Globaleaks sshd[1007]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:18:38 Globaleaks sshd[1007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.81.68.174
Jan 18 16:18:41 Globaleaks sshd[1007]: Failed password for invalid user ftpuser from 185.81.68.174 port 46003 ssh2
Jan 18 16:18:41 Globaleaks sshd[1007]: Received disconnect from 185.81.68.174 port 46003:11: Client disconnecting normally [preauth]
Jan 18 16:18:41 Globaleaks sshd[1007]: Disconnected from invalid user ftpuser 185.81.68.174 port 46003 [preauth]
Jan 18 16:19:40 Globaleaks sudo[1009]: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/journalctl -xe
Jan 18 16:19:40 Globaleaks sudo[1009]: pam_unix(sudo:session): session opened for user root(uid=0) by [...](uid=1000)another Try without sudo including the journalctl -xe output
[...]@Globaleaks:~ $ /etc/init.d/globaleaks restart
Restarting globaleaks (via systemctl): globaleaks.service==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'globaleaks.service'.
Authenticating as: ,,, ([...])
Password:
==== AUTHENTICATION COMPLETE ===
Job for globaleaks.service failed because the control process exited with error code.
See "systemctl status globaleaks.service" and "journalctl -xe" for details.
failed!
[...]@Globaleaks:~ $ ^C
[...]@Globaleaks:~ $ journalctl -xe
Jan 18 16:26:38 Globaleaks globaleaks[1091]: Starting GlobaLeaks daemon: globaleaksStarting ...Enabling Globaleaks Network Sandboxing...done.
Jan 18 16:26:38 Globaleaks globaleaks[1130]: mkdir: cannot create directory ‘/dev/shm/globaleaks’: File exists
Jan 18 16:26:40 Globaleaks globaleaks[1134]: Unable to start GlobaLeaks: [Errno 13] Permission denied: '/var/globaleaks/globaleaks.pid'
Jan 18 16:26:40 Globaleaks globaleaks[1091]: failed.
Jan 18 16:26:40 Globaleaks systemd[1]: globaleaks.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit globaleaks.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Jan 18 16:26:40 Globaleaks systemd[1]: globaleaks.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit globaleaks.service has entered the 'failed' state with result 'exit-code'.
Jan 18 16:26:40 Globaleaks systemd[1]: Failed to start LSB: Start the GlobaLeaks server..
░░ Subject: A start job for unit globaleaks.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit globaleaks.service has finished with a failure.
░░
░░ The job identifier is 984 and the job result is failed.
Jan 18 16:26:40 Globaleaks systemd[1]: globaleaks.service: Consumed 4.176s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit globaleaks.service completed and consumed the indicated resources.
Jan 18 16:26:40 Globaleaks polkitd(authority=local)[549]: Unregistered Authentication Agent for unix-process:1082:69956 (system bus name :1.22, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_GB.UTF->
Jan 18 16:26:41 Globaleaks sshd[1135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49 user=root
Jan 18 16:26:43 Globaleaks sshd[1135]: Failed password for root from 61.177.173.49 port 13466 ssh2
Jan 18 16:26:47 Globaleaks sshd[1135]: Failed password for root from 61.177.173.49 port 13466 ssh2
Jan 18 16:26:49 Globaleaks sshd[1135]: Failed password for root from 61.177.173.49 port 13466 ssh2
Jan 18 16:26:50 Globaleaks sshd[1135]: Received disconnect from 61.177.173.49 port 13466:11: [preauth]
Jan 18 16:26:50 Globaleaks sshd[1135]: Disconnected from authenticating user root 61.177.173.49 port 13466 [preauth]
Jan 18 16:26:50 Globaleaks sshd[1135]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49 user=root
Jan 18 16:26:51 Globaleaks sshd[1143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.49 user=root
Jan 18 16:26:53 Globaleaks sshd[1143]: Failed password for root from 61.177.173.49 port 30631 ssh2
Jan 18 16:26:55 Globaleaks sshd[1143]: Failed password for root from 61.177.173.49 port 30631 ssh2
lines 2693-2735/2735 (END)For Information: the IP-Adresses do not belong to our network, I assume you know
Status now: GLobaleaks not running
evilaliv3
commented
1 year ago Thank you @DAD405 , i confirm that from the logs it appears that some permiossions are now set incorrectly on multiple paths.
i suggest to delete /dev/shm/globaleaks and to change the permissions of /var/globaleaks with the following commands:
chown globaleaks:globaleaks /var/globaleaks -R
This should probably fix your current issue.
After executing these instructions you could try to restart the application and in case of failures it would be interesting to see again the output for journalctl -xe
DAD405
commented
1 year ago TLDR: after mentioned fixes autostart of Globaleaks now working Tor-Site still not working
deleted /dev/shm/globaleaks by sudo rm -r globaleaks in /dev/shm set permissions by sudo chown globaleaks:globaleaks /var/globaleaks -R
tried to restart Application by sudo /etc/init.d/globaleaks restart no errors
[...]@Globaleaks:/dev/shm $
Restarting globaleaks (via systemctl): globaleaks.service.
[...]@Globaleaks:/dev/shm $ ^CGlobaleaks shows up on Top running as User gl[...]le+ Webinterface is reachable Tor-Site not reachable - Onion Site not found
tried sudo /etc/init.d/globaleaks restart again followed by sudo journalctl -xe
[...]@Globaleaks:/dev/shm $ sudo /etc/init.d/globaleaks restart
Restarting globaleaks (via systemctl): globaleaks.service.
[...]@Globaleaks:/dev/shm $ sudo journalctl -xe
░░ The unit globaleaks.service has successfully entered the 'dead' state.
Jan 18 17:31:09 Globaleaks systemd[1]: Stopped LSB: Start the GlobaLeaks server..
░░ Subject: A stop job for unit globaleaks.service has finished
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A stop job for unit globaleaks.service has finished.
░░
░░ The job identifier is 1128 and the job result is done.
Jan 18 17:31:09 Globaleaks systemd[1]: globaleaks.service: Consumed 25.665s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit globaleaks.service completed and consumed the indicated resources.
Jan 18 17:31:09 Globaleaks systemd[1]: Starting LSB: Start the GlobaLeaks server....
░░ Subject: A start job for unit globaleaks.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit globaleaks.service has begun execution.
░░
░░ The job identifier is 1128.
Jan 18 17:31:11 Globaleaks globaleaks[1790]: Starting GlobaLeaks daemon: globaleaksStarting ...Enabling Globaleaks Network Sandboxing...done.
Jan 18 17:31:11 Globaleaks globaleaks[1829]: mkdir: cannot create directory ‘/dev/shm/globaleaks’: File exists
Jan 18 17:31:13 Globaleaks audit[1833]: AVC apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/" pid=1833 comm="globaleaks" requested_mask="r" denied_mask="r" fsuid=110 ouid=0
Jan 18 17:31:13 Globaleaks kernel: audit: type=1400 audit(1674059473.329:11): apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/" pid=1833 comm="globaleaks" requested_mask="r" denied>
Jan 18 17:31:13 Globaleaks globaleaks[1790]: done.
Jan 18 17:31:13 Globaleaks systemd[1]: Started LSB: Start the GlobaLeaks server..
░░ Subject: A start job for unit globaleaks.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit globaleaks.service has finished successfully.
░░
░░ The job identifier is 1128.
Jan 18 17:31:13 Globaleaks sudo[1750]: pam_unix(sudo:session): session closed for user root
Jan 18 17:31:16 Globaleaks sshd[1841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.52.249.176 user=root
Jan 18 17:31:18 Globaleaks sshd[1841]: Failed password for root from 181.52.249.176 port 55770 ssh2
Jan 18 17:31:19 Globaleaks sshd[1841]: Received disconnect from 181.52.249.176 port 55770:11: Bye Bye [preauth]
Jan 18 17:31:19 Globaleaks sshd[1841]: Disconnected from authenticating user root 181.52.249.176 port 55770 [preauth]
Jan 18 17:31:21 Globaleaks sudo[1850]: [...] : TTY=pts/0 ; PWD=/dev/shm ; USER=root ; COMMAND=/usr/bin/journalctl -xe
Jan 18 17:31:21 Globaleaks sudo[1850]: pam_unix(sudo:session): session opened for user root(uid=0) by [...](uid=1000)
lines 2051-2093/2093 (END)State at this Point Globaleaks running Website reachable. Tor not reachable
done a reboot. step forward: Globaleaks ist autostarting Globaleaks website reachable, Tor-Site not reachable
DAD405
commented
1 year ago TLDR: There was still an Apparmor-Error in the journalctl Tryed to fix it according to https://ixnfo.com/en/solution-apparmor-denied-operation-open-profile-usr-sbin-mysqld.html by sudo nano /etc/apparmor.d/usr.bin.globaleaks and adding /etc/apt/apt.conf.d/ r, and adding /etc/apt/apt.conf.d/* r,
Status by now Globaleaks autostarts on reboot, no further Apparmor Denys in journalctl -xe But TOR-Site still not reachable
sudo nano /etc/apparmor.d/usr.bin.globaleaks adding /etc/apt/apt.conf.d/ r, service apparmor reload On restaring globaleask following journalctl -xe
[...]@Globaleaks:~ $ sudo service apparmor reload
[...]@Globaleaks:~ $ sudo /etc/init.d/globaleaks restart
Restarting globaleaks (via systemctl): globaleaks.service.
[...]@Globaleaks:~ $ sudo journalctl -xe
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit globaleaks.service completed and consumed the indicated resources.
Jan 19 16:19:18 Globaleaks systemd[1]: Starting LSB: Start the GlobaLeaks server....
░░ Subject: A start job for unit globaleaks.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit globaleaks.service has begun execution.
░░
░░ The job identifier is 980.
Jan 19 16:19:20 Globaleaks globaleaks[6171]: Starting GlobaLeaks daemon: globaleaksStarting ...Enabling Globaleaks Network Sandboxing...done.
Jan 19 16:19:20 Globaleaks globaleaks[6210]: mkdir: cannot create directory ‘/dev/shm/globaleaks’: File exists
Jan 19 16:19:22 Globaleaks audit[6214]: AVC apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/01autoremove" pid=6214 comm="globaleaks" requested_mask="r" denied_mask="r" fsuid=110 ou>
Jan 19 16:19:22 Globaleaks audit[6214]: AVC apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/01autoremove-kernels" pid=6214 comm="globaleaks" requested_mask="r" denied_mask="r" fsui>
Jan 19 16:19:22 Globaleaks audit[6214]: AVC apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/20auto-upgrades" pid=6214 comm="globaleaks" requested_mask="r" denied_mask="r" fsuid=110>
Jan 19 16:19:22 Globaleaks kernel: audit: type=1400 audit(1674141562.152:19): apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/01autoremove" pid=6214 comm="globaleaks" requested_mas>
Jan 19 16:19:22 Globaleaks kernel: audit: type=1400 audit(1674141562.152:20): apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/01autoremove-kernels" pid=6214 comm="globaleaks" reque>
Jan 19 16:19:22 Globaleaks kernel: audit: type=1400 audit(1674141562.152:21): apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/20auto-upgrades" pid=6214 comm="globaleaks" requested_>
Jan 19 16:19:22 Globaleaks kernel: audit: type=1400 audit(1674141562.152:22): apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/20listchanges" pid=6214 comm="globaleaks" requested_ma>
Jan 19 16:19:22 Globaleaks kernel: audit: type=1400 audit(1674141562.152:23): apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/20packagekit" pid=6214 comm="globaleaks" requested_mas>
Jan 19 16:19:22 Globaleaks kernel: audit: type=1400 audit(1674141562.152:24): apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/50raspi" pid=6214 comm="globaleaks" requested_mask="r">
Jan 19 16:19:22 Globaleaks kernel: audit: type=1400 audit(1674141562.152:25): apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/50unattended-upgrades" pid=6214 comm="globaleaks" requ>
Jan 19 16:19:22 Globaleaks kernel: audit: type=1400 audit(1674141562.152:26): apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/70debconf" pid=6214 comm="globaleaks" requested_mask=">
Jan 19 16:19:22 Globaleaks audit[6214]: AVC apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/20listchanges" pid=6214 comm="globaleaks" requested_mask="r" denied_mask="r" fsuid=110 o>
Jan 19 16:19:22 Globaleaks audit[6214]: AVC apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/20packagekit" pid=6214 comm="globaleaks" requested_mask="r" denied_mask="r" fsuid=110 ou>
Jan 19 16:19:22 Globaleaks audit[6214]: AVC apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/50raspi" pid=6214 comm="globaleaks" requested_mask="r" denied_mask="r" fsuid=110 ouid=0
Jan 19 16:19:22 Globaleaks audit[6214]: AVC apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/50unattended-upgrades" pid=6214 comm="globaleaks" requested_mask="r" denied_mask="r" fsu>
Jan 19 16:19:22 Globaleaks audit[6214]: AVC apparmor="DENIED" operation="open" profile="usr.bin.globaleaks" name="/etc/apt/apt.conf.d/70debconf" pid=6214 comm="globaleaks" requested_mask="r" denied_mask="r" fsuid=110 ouid=0
Jan 19 16:19:22 Globaleaks globaleaks[6171]: done.
Jan 19 16:19:22 Globaleaks systemd[1]: Started LSB: Start the GlobaLeaks server..
░░ Subject: A start job for unit globaleaks.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit globaleaks.service has finished successfully.
░░
░░ The job identifier is 980.
Jan 19 16:19:22 Globaleaks sudo[6130]: pam_unix(sudo:session): session closed for user root
Jan 19 16:19:27 Globaleaks sudo[6222]: [...] : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/journalctl -xe
Jan 19 16:19:27 Globaleaks sudo[6222]: pam_unix(sudo:session): session opened for user root(uid=0) by [...](uid=1000)
lines 1011-1053/1053 (END)Hmm More apparmor- Denied messages trying adding /etc/apt/apt.conf.d/* r, restarting and journalctl -xe
[...]@Globaleaks:~ $ sudo nano /etc/apparmor.d/usr.bin.globaleaks
[...]@Globaleaks:~ $ sudo service apparmor reload
[...]@Globaleaks:~ $ sudo /etc/init.d/globaleaks restart
Restarting globaleaks (via systemctl): globaleaks.service.
[...]@Globaleaks:~ $ sudo journalctl -xe
Jan 19 16:34:42 Globaleaks globaleaks[6392]: .
Jan 19 16:34:42 Globaleaks systemd[1]: globaleaks.service: Succeeded.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit globaleaks.service has successfully entered the 'dead' state.
Jan 19 16:34:42 Globaleaks systemd[1]: Stopped LSB: Start the GlobaLeaks server..
░░ Subject: A stop job for unit globaleaks.service has finished
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A stop job for unit globaleaks.service has finished.
░░
░░ The job identifier is 1051 and the job result is done.
Jan 19 16:34:42 Globaleaks systemd[1]: globaleaks.service: Consumed 33.797s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit globaleaks.service completed and consumed the indicated resources.
Jan 19 16:34:42 Globaleaks systemd[1]: Starting LSB: Start the GlobaLeaks server....
░░ Subject: A start job for unit globaleaks.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit globaleaks.service has begun execution.
░░
░░ The job identifier is 1051.
Jan 19 16:34:44 Globaleaks globaleaks[6415]: Starting GlobaLeaks daemon: globaleaksStarting ...Enabling Globaleaks Network Sandboxing...done.
Jan 19 16:34:44 Globaleaks globaleaks[6454]: mkdir: cannot create directory ‘/dev/shm/globaleaks’: File exists
Jan 19 16:34:46 Globaleaks globaleaks[6415]: done.
Jan 19 16:34:46 Globaleaks systemd[1]: Started LSB: Start the GlobaLeaks server..
░░ Subject: A start job for unit globaleaks.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit globaleaks.service has finished successfully.
░░
░░ The job identifier is 1051.
Jan 19 16:34:46 Globaleaks sudo[6375]: pam_unix(sudo:session): session closed for user root
Jan 19 16:34:50 Globaleaks sudo[6468]: [...] : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/journalctl -xe
Jan 19 16:34:50 Globaleaks sudo[6468]: pam_unix(sudo:session): session opened for user root(uid=0) by [...](uid=1000)
lines 1063-1105/1105 (END)Tor-Site still not available relevant Part of sudo cat /var/globaleaks/log/globaleaks.log
2023-01-19 16:12:16+0100 [-] Starting factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7fb41b8af0>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7fb431d400>)
2023-01-19 16:12:17+0100 [-] Stopping factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7fb41b8af0>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7fb431d400>)
2023-01-19 16:19:15+0100 [-] Stopping factory <Site object at 0x7fb783c220>
2023-01-19 16:19:15+0100 [-] Server Shut Down.
2023-01-19 16:19:22+0100 [-] twistd 20.3.0 (/usr/bin/python3 3.9.2) starting up.
2023-01-19 16:19:22+0100 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2023-01-19 16:19:28+0100 [-] [E] Found an already initialized database version: 63
2023-01-19 16:19:30+0100 [-] Starting factory <Site object at 0x7fb0ff02b0>
2023-01-19 16:19:30+0100 [-] [E] Failed to initialize Tor connection; error: Tor control port not open on /var/run/tor/control; waiting for Tor to become available
2023-01-19 16:19:30+0100 [-] GlobaLeaks is now running and accessible at the following urls:
2023-01-19 16:19:30+0100 [-] - [HTTP] --> http://hinweisgeber.i[...]t.de
2023-01-19 16:19:30+0100 [-] - [HTTPS] --> https://hinweisgeber.i[...]t.de
2023-01-19 16:19:30+0100 [-] - [Tor]: --> http://5yfgfy[...]urrtid.onion
2023-01-19 16:19:30+0100 [-] Starting factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7fae7311f0>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7faef32670>)
2023-01-19 16:19:30+0100 [-] Stopping factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7fae7311f0>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7faef32670>)
2023-01-19 16:34:40+0100 [-] Stopping factory <Site object at 0x7fb0ff02b0>
2023-01-19 16:34:40+0100 [-] Server Shut Down.
2023-01-19 16:34:46+0100 [-] twistd 20.3.0 (/usr/bin/python3 3.9.2) starting up.
2023-01-19 16:34:46+0100 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2023-01-19 16:34:52+0100 [-] [E] Found an already initialized database version: 63
2023-01-19 16:34:54+0100 [-] Starting factory <Site object at 0x7f8bb7b340>
2023-01-19 16:34:54+0100 [-] [E] Failed to initialize Tor connection; error: Tor control port not open on /var/run/tor/control; waiting for Tor to become available
2023-01-19 16:34:54+0100 [-] GlobaLeaks is now running and accessible at the following urls:
2023-01-19 16:34:54+0100 [-] - [HTTP] --> http://hinweisgeber.i[...]t.de
2023-01-19 16:34:54+0100 [-] - [HTTPS] --> https://hinweisgeber.i[...]t.de
2023-01-19 16:34:54+0100 [-] - [Tor]: --> http://5yfgfyt[...]myurrtid.onion
2023-01-19 16:34:54+0100 [-] Starting factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f892bb1f0>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f89ac11c0>)
2023-01-19 16:34:54+0100 [-] Stopping factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f892bb1f0>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f89ac11c0>)any Ideas apreciated
evilaliv3
commented
1 year ago The following log error says that the problem is in the fact that Globaleaks is not able to contact Tor on its UNIX socket:
2023-01-19 16:34:54+0100 [-] [E] Failed to initialize Tor connection; error: Tor control port not open on /var/run/tor/control; waiting for Tor to become available
I would check if this file exists and which are the users that can access it.
In the correct configuration the file should exist and be accessible by users in the debian-tor group to which the globaleaks user belongs.
Message ID: @.***>
DAD405
commented
1 year ago Checked for hints.
I can confirm that /var/run/tor/control is not there
[...]@Globaleaks:/var/run/tor $ ls
control.authcookie tor.pidchecked tor is working by curl -x socks5h://localhost:9050 -s https://check.torproject.org/api/ip as described on https://tor.stackexchange.com/questions/12678/how-to-check-if-tor-is-working-and-debug-the-problem-on-cli
[...]@Globaleaks:/var/run/tor $ curl -x socks5h://localhost:9050 -s https://check.torproject.org/api/ip
{"IsTor":true,"IP":"5.2[...]05"}Thank you for your feedback @DAD405
This is then the issue.
Is it possibly that you could have installed Tor manually or changed the configuration?
In order to fix it please check the file /etc/tor/torrc. In a default configuration all should be commented out and Tor should use /var/run/tor/control as unix socket enabling globaleaks to create onion services
DAD405
commented
1 year ago TLDR: In my attemts go get it running again since August 2022 it is very likely I have uninstalled and reinstalled tor manualy at some Point.
File /etc/tor/torrc looks ok, all lines commented out Surprisingly Tor Site was reachable for a short time After a reboot Globaleaks and Tor are running But Network-error connecting to Tor Site reported by Tor Browser
cat /etc/tor/torrc below it looks like all is commented out as mentioned. Please clarify: should there be any reference to /var/run/tor/control in this file?
[...]@Globaleaks:/var/run/tor $ cat /etc/tor/torrc
## Configuration file for a typical Tor user
## Last updated 9 October 2013 for Tor 0.2.5.2-alpha.
## (may or may not work for much older or much newer versions of Tor.)
##
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
##
## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
## for more options you can use in this file.
##
## Tor will look for this file in various places based on your platform:
## https://www.torproject.org/docs/faq#torrc
## Tor opens a socks proxy on port 9050 by default -- even if you don't
## configure one below. Set "SocksPort 0" if you plan to run Tor only
## as a relay, and not make any local application connections yourself.
#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
#SocksPort 192.168.0.1:9100 # Bind to this address:port too.
## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SocksPolicy is set, we accept
## all (and only) requests that reach a SocksPort. Untrusted users who
## can access your SocksPort may be able to learn about the connections
## you make.
#SocksPolicy accept 192.168.0.0/16
#SocksPolicy reject *
## Logs go to stdout at level "notice" unless redirected by something
## else, like one of the below lines. You can have as many Log lines as
## you want.
##
## We advise using "notice" in most cases, since anything more verbose
## may provide sensitive information to an attacker who obtains the logs.
##
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
#Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles
#Log notice syslog
## To send all messages to stderr:
#Log debug stderr
## Uncomment this to start the process in the background... or use
## --runasdaemon 1 on the command line. This is ignored on Windows;
## see the FAQ entry if you want Tor to run as an NT service.
#RunAsDaemon 1
## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
#DataDirectory /var/lib/tor
## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
#ControlPort 9051
## If you enable the controlport, be sure to enable one of these
## authentication methods, to prevent attackers from accessing it.
#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
#CookieAuthentication 1
############### This section is just for location-hidden services ###
## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.
#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22
################ This section is just for relays #####################
#
## See https://www.torproject.org/docs/tor-doc-relay for details.
## Required: what port to advertise for incoming Tor connections.
#ORPort 9001
## If you want to listen on a port other than the one advertised in
## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
## follows. You'll need to do ipchains or other port forwarding
## yourself to make this work.
#ORPort 443 NoListen
#ORPort 127.0.0.1:9090 NoAdvertise
## The IP address or full DNS name for incoming connections to your
## relay. Leave commented out and Tor will guess.
#Address noname.example.com
## If you have multiple network interfaces, you can specify one for
## outgoing traffic to use.
# OutboundBindAddress 10.0.0.5
## A handle for your relay, so people don't have to refer to it by key.
#Nickname ididnteditheconfig
## Define these to limit how much relayed traffic you will allow. Your
## own traffic is still unthrottled. Note that RelayBandwidthRate must
## be at least 20 KB.
## Note that units for these config options are bytes per second, not bits
## per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.
#RelayBandwidthRate 100 KB # Throttle traffic to 100KB/s (800Kbps)
#RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
## Use these to restrict the maximum traffic per day, week, or month.
## Note that this threshold applies separately to sent and received bytes,
## not to their sum: setting "4 GB" may allow up to 8 GB total before
## hibernating.
##
## Set a maximum of 4 gigabytes each way per period.
#AccountingMax 4 GB
## Each period starts daily at midnight (AccountingMax is per day)
#AccountingStart day 00:00
## Each period starts on the 3rd of the month at 15:00 (AccountingMax
## is per month)
#AccountingStart month 3 15:00
## Administrative contact information for this relay or bridge. This line
## can be used to contact you if your relay or bridge is misconfigured or
## something else goes wrong. Note that we archive and publish all
## descriptors containing these lines and that Google indexes them, so
## spammers might also collect them. You may want to obscure the fact that
## it's an email address and/or generate a new address for this purpose.
#ContactInfo Random Person <nobody AT example dot com>
## You might also include your PGP or GPG fingerprint if you have one:
#ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
## Uncomment this to mirror directory information for others. Please do
## if you have enough bandwidth.
#DirPort 9030 # what port to advertise for directory connections
## If you want to listen on a port other than the one advertised in
## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
## follows. below too. You'll need to do ipchains or other port
## forwarding yourself to make this work.
#DirPort 80 NoListen
#DirPort 127.0.0.1:9091 NoAdvertise
## Uncomment to return an arbitrary blob of html on your DirPort. Now you
## can explain what Tor is if anybody wonders why your IP address is
## contacting them. See contrib/tor-exit-notice.html in Tor's source
## distribution for a sample.
#DirPortFrontPage /etc/tor/tor-exit-notice.html
## Uncomment this if you run more than one Tor relay, and add the identity
## key fingerprint of each Tor relay you control, even if they're on
## different networks. You declare it here so Tor clients can avoid
## using more than one of your relays in a single circuit. See
## https://www.torproject.org/docs/faq#MultipleRelays
## However, you should never include a bridge's fingerprint here, as it would
## break its concealability and potentionally reveal its IP/TCP address.
#MyFamily $keyid,$keyid,...
## A comma-separated list of exit policies. They're considered first
## to last, and the first match wins. If you want to _replace_
## the default exit policy, end this with either a reject *:* or an
## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
## default exit policy. Leave commented to just use the default, which is
## described in the man page or at
## https://www.torproject.org/documentation.html
##
## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
## for issues you might encounter if you use the default exit policy.
##
## If certain IPs and ports are blocked externally, e.g. by your firewall,
## you should update your exit policy to reflect this -- otherwise Tor
## users will be told that those destinations are down.
##
## For security, by default Tor rejects connections to private (local)
## networks, including to your public IP address. See the man page entry
## for ExitPolicyRejectPrivate if you want to allow "exit enclaving".
##
#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
#ExitPolicy accept *:119 # accept nntp as well as default exit policy
#ExitPolicy reject *:* # no exits allowed
## Bridge relays (or "bridges") are Tor relays that aren't listed in the
## main directory. Since there is no complete public list of them, even an
## ISP that filters connections to all the known Tor relays probably
## won't be able to block all the bridges. Also, websites won't treat you
## differently because they won't know you're running Tor. If you can
## be a real relay, please do; but if not, be a bridge!
#BridgeRelay 1
## By default, Tor will advertise your bridge to users through various
## mechanisms like https://bridges.torproject.org/. If you want to run
## a private bridge, for example because you'll give out your bridge
## address manually to your friends, uncomment this line:
#PublishServerDescriptor 0
[...]@Globaleaks:/var/run/tor $strangely now a control file exist in var/run/tor which before not existed
[...]@Globaleaks:/var/run/tor $ ls
control control.authcookie socks tor.pidCould this be invoked by the Test done before by curl? Maybe, I will check for this Hypothesis. first check Globaleaks: website running.... Tor-Site is reachable now. Looks good.
Ok, check for complete autostart of services by reboot.... after the reboot tor and globaleaks show up on top
check globaleaks... Website OK Tor browser now showing network Problem when trying to reach Tor-Site, not site not found as all days before
Try to get some Useful logs: Result is strange
2023-01-20 14:04:54+0100 [-] Starting factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f824dbb80>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f88073bb0>)
2023-01-20 14:04:54+0100 [-] Stopping factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f824dbb80>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f88073bb0>)
2023-01-20 14:26:49+0100 [-] [E] Successfully connected to Tor control port
2023-01-20 14:26:49+0100 [-] [E] [1] Setting up the onion service 5yfgf[...]myurrtid.onion
2023-01-20 14:27:00+0100 [-] [E] [1] Initialization of onion-service 5yfgfyt[...]rrtid.onion completed.
2023-01-20 14:34:54+0100 [-] Starting factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f892cb670>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f89a8fe50>)
2023-01-20 14:34:54+0100 [-] Stopping factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f892cb670>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f89a8fe50>)
2023-01-20 15:04:54+0100 [-] Starting factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f89a71a60>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f881433d0>)
2023-01-20 15:04:54+0100 [-] Stopping factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f89a71a60>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f881433d0>)
2023-01-20 15:24:50+0100 [-] [E] Failed to initialize Tor connection; error: Tor control port not open on /var/run/tor/control; waiting for Tor to become available
2023-01-20 15:25:22+0100 [-] Stopping factory <Site object at 0x7f8bb7b340>
2023-01-20 15:25:22+0100 [-] Server Shut Down.
2023-01-20 15:25:46+0100 [-] twistd 20.3.0 (/usr/bin/python3 3.9.2) starting up.
2023-01-20 15:25:46+0100 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2023-01-20 15:25:52+0100 [-] [E] Found an already initialized database version: 63
2023-01-20 15:25:53+0100 [-] Starting factory <Site object at 0x7f8fe1a070>
2023-01-20 15:25:53+0100 [-] GlobaLeaks is now running and accessible at the following urls:
2023-01-20 15:25:53+0100 [-] - [HTTP] --> http://hinweisgeber.i[...]t.de
2023-01-20 15:25:53+0100 [-] - [HTTPS] --> https://hinweisgeber.i[...]t.de
2023-01-20 15:25:53+0100 [-] - [Tor]: --> http://5yfgfytuc[...]yurrtid.onion
2023-01-20 15:25:53+0100 [-] Starting factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f8dcec310>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f8dd6e310>)
2023-01-20 15:25:54+0100 [-] Stopping factory _HTTP11ClientFactory(<function HTTPConnectionPool._newConnection.<locals>.quiescentCallback at 0x7f8dcec310>, <twisted.internet.endpoints._WrapperEndpoint object at 0x7f8dd6e310>)
2023-01-20 15:25:54+0100 [-] [E] Successfully connected to Tor control port
2023-01-20 15:25:54+0100 [-] [E] [1] Setting up the onion service 5yfg[...]rsumyurrtid.onion
2023-01-20 15:31:05+0100 [-] [E] [1] Initialization of onion-service 5y[...]urrtid.onion completed.according to this should everything be running now, but isn't....
Tor Brower error: (sorry for german)
Die Onion-Seite hat die Verbindung unterbrochen
Die wahrscheinlichste Ursache ist, dass die Onion-Seite offline ist. Wende dich an den Administrator der Onion-Seite.
Der Einstieg ist fehlgeschlagen, d.h. der Deskriptor wurde gefunden, aber der Dienst ist nicht mehr mit dem Einstiegspunkt verbunden. Es ist wahrscheinlich, dass der Dienst seinen Deskriptor geändert hat oder dass er nicht läuft.Google translate of error:
The onion side has lost the connection
The most likely cause is that the onion site is offline. Contact the onion site administrator.
Entry failed, i.e. the descriptor was found, but the service is no longer connected to the entry point. It is likely that the service has changed its descriptor or is not running.Maybe a Tor Problem because of the short Uptime before?
DAD405
commented
1 year ago About half an Hour later the Tor Site is coming online. Looks like everything is working by now.
I will have an eye on it the next days and will verify reboot behavior next week If everyhing is ok next week i will link to this issue in the forum Thread mentiones at the opening It might be helpful to someone else with a similar problem.
Thank you for the great support
DAD405
commented
1 year ago System still working after the weekend Reboot seems to be expected: Http(s) is Up immideately, tor site reachable about some time later. Looks like Tor has to figure aut a new route on reboot, this is okay by me.
Important lessions learnt:
Thank you very much
evilaliv3
commented
1 year ago Thank you for your feedback @DAD405 !
I will close the ticket as it has been addressed. Please feel free to open new ones if you will have any need.
Describe the bug Upgrade-Installation failed due to Apparmor Sandboxing Failure on Raspberry Pi 4 running Debian I'm able to Start globaleaks with sudo globaleaks but it is lacking Tor Support when done this way
To Reproduce sudo apt-get update sudo apt-get dist-upgrade sudo apt-get install globaleaks
Expected behavior Get a working Whistleblower Portal with Tor Site
Screenshots Console Log
Additional context Problem exists for a long Time by now. See https://forum.globaleaks.org/t/problems-after-upgrading-to-4-10-5/732 Today first I tried Downgrade back to 4.9.9 Version as mentioned in the Forum, this does not work at all, globaleaks does not start Initial Problem encountered when Upgrading from an 4.9.x Version to 4.10.5 Raising the issue here because it looks like at this point the forum did not get much attention.
Tryed nearly every Variant I could imagine in removing and reinstalling different Versions of Globaleaks including removing and installing Apparmor, no luck