Bug#773663: [Popcon-developers] Bug#773663: popularity-contest: Patch to enable Tor support

2015-07-02 Thread Bill Allombert
On Mon, Apr 27, 2015 at 02:18:28PM +0200, Bill Allombert wrote:
> On Mon, Dec 22, 2014 at 09:54:05AM +0800, Paul Wise wrote:
> > On Mon, Dec 22, 2014 at 2:38 AM, Federico Ceratto wrote:
> > 
> > > Attaching the correct support_tor.diff   :(
> > 
> > I think it would be better to enable sending over Tor by default if
> > the tor service is available on the local host. If the machine has Tor
> > available there is probably no reason to not use it.
> 
> Hello Federico and Paul,
> 
> Would you mind writing a popcon FAQ entry 
> to document this ?
> 
> Also would you mind sending a popcon report through TOR and then send me a 
> copy of /var/log/popularity-contest.gpg so that I can check the report
> was received correctly ?

Hello, both requests are still pending.
If you like the patch to be included in the next popcon version,
please proceed. I am not in a position to test Tor.

Cheers,
-- 
Bill. 

Imagine a large red swirl here. 


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#773663: [Popcon-developers] Bug#773663: popularity-contest: Patch to enable Tor support

2015-04-30 Thread Bill Allombert
On Thu, Apr 30, 2015 at 05:36:43PM +0100, Federico Ceratto wrote:
> On Mon, Apr 27, 2015 at 1:18 PM, Bill Allombert  wrote:
> > Would you mind writing a popcon FAQ entry 
> > to document this ?
> 
> Sure (I'll be in VAC for 6 weeks tho)
> 
> > 1) USETOR should use the same convention as ENCRYPT: yes/maybe/no instead of
> > always/auto/no
> 
> I see "maybe" as confusing to the user, and being explicit is better,
> especially when it
> comes to security. I would rather suggest avoiding "automatic"
> behavior where possible.

I agree, that is why I named it "maybe" to carry the notion that it is not 
entirely reliable (because gpg or tor may be uninstalled by mistake).

The advantage of "maybe" is that it can be set by default, while "yes" cannot.

Cheers,
-- 
Bill. 

Imagine a large red swirl here. 





Bug#773663: [Popcon-developers] Bug#773663: popularity-contest: Patch to enable Tor support

2015-04-30 Thread Federico Ceratto
On Mon, Apr 27, 2015 at 1:36 PM, Bill Allombert  wrote:
>>> The patch relies on exit nodes to connect to the HTTP service and prevents
>>> SMTP fallback. If a popcon hidden service was to be set up in future, it 
>>> could
>>> be used with:
>>> SUBMITURLS="http://HIDDEN_SERVICE_NAME/cgi-bin/popcon.cgi";
>
> Is such URL valid if TOR is not used ?
> If not and this is implemented, then USETOR=auto will fail if tor is not 
> available,
> so USETOR and USEHTTP will need to be decoupled (and a variable 
> TOR_SUBMITURLS will
> be needed).

Sorry I was talking about an hypothetical popcon onion service that
does not exist yet.
If we'll ever have one we would have to modify popcon to use new TOR_ variables.
At that point we could probably safely use both HTTP and SMTP (with
different URLS)

As long as the onion service is not there I don't see much benefit in
adding support for
it yet or should we?

-- 
Federico





Bug#773663: [Popcon-developers] Bug#773663: popularity-contest: Patch to enable Tor support

2015-04-30 Thread Federico Ceratto
On Mon, Apr 27, 2015 at 1:18 PM, Bill Allombert  wrote:
> Would you mind writing a popcon FAQ entry 
> to document this ?

Sure (I'll be in VAC for 6 weeks tho)

> 1) USETOR should use the same convention as ENCRYPT: yes/maybe/no instead of
> always/auto/no

I see "maybe" as confusing to the user, and being explicit is better,
especially when it
comes to security. I would rather suggest avoiding "automatic"
behavior where possible.

> 2) It is a bit awkward that USETOR depends on USEHTTP. It would seem more
> orthogonal if USETOR was an alternative transport or applied to all other
> transports, or an option for USEHTTP (e.g. USEHTTP=tor).

We are really using HTTP and Tor together in this use case. In future we might
have other secure transports, e.g. USETOR + USEHTTPS.
I would recommend against enabling Tor (using exit nodes!) with every protocol
because some might be quite insecure (e.g. with cleartext SMTP)

> Imagine a large red swirl here.

*imagining*

-- 
Federico





Bug#773663: [Popcon-developers] Bug#773663: popularity-contest: Patch to enable Tor support

2015-04-27 Thread Bill Allombert
On Mon, Apr 27, 2015 at 02:18:28PM +0200, Bill Allombert wrote:
> 2) It is a bit awkward that USETOR depends on USEHTTP. It would seem more
> orthogonal if USETOR was an alternative transport or applied to all other
> transports, or an option for USEHTTP (e.g. USEHTTP=tor). 
> I realize the interaction between all the pieces is more complex than this
> simple model.

To elaborate on that:

You wrote:

>> The patch relies on exit nodes to connect to the HTTP service and prevents
>> SMTP fallback. If a popcon hidden service was to be set up in future, it 
>> could
>> be used with:
>> SUBMITURLS="http://HIDDEN_SERVICE_NAME/cgi-bin/popcon.cgi";

Is such URL valid if TOR is not used ?
If not and this is implemented, then USETOR=auto will fail if tor is not 
available,
so USETOR and USEHTTP will need to be decoupled (and a variable TOR_SUBMITURLS 
will
be needed).

But anyway this can be done in a later release, so it is not an urgent concern.

Cheers,
-- 
Bill. 

Imagine a large red swirl here. 





Bug#773663: [Popcon-developers] Bug#773663: popularity-contest: Patch to enable Tor support

2015-04-27 Thread Bill Allombert
On Mon, Dec 22, 2014 at 09:54:05AM +0800, Paul Wise wrote:
> On Mon, Dec 22, 2014 at 2:38 AM, Federico Ceratto wrote:
> 
> > Attaching the correct support_tor.diff   :(
> 
> I think it would be better to enable sending over Tor by default if
> the tor service is available on the local host. If the machine has Tor
> available there is probably no reason to not use it.

Hello Federico and Paul,

Would you mind writing a popcon FAQ entry 
to document this ?

Also would you mind sending a popcon report through TOR and then send me a 
copy of /var/log/popularity-contest.gpg so that I can check the report
was received correctly ?

I have minor comments on your patch:

1) USETOR should use the same convention as ENCRYPT: yes/maybe/no instead of
always/auto/no

2) It is a bit awkward that USETOR depends on USEHTTP. It would seem more
orthogonal if USETOR was an alternative transport or applied to all other
transports, or an option for USEHTTP (e.g. USEHTTP=tor). 
I realize the interaction between all the pieces is more complex than this
simple model.

I will probably not be able to add your patch to 1.62 but I will try to release
1.63 soon after.

Thanks for your contribution!
-- 
Bill. 

Imagine a large red swirl here. 





Bug#773663: [Popcon-developers] Bug#773663: popularity-contest: Patch to enable Tor support

2015-01-02 Thread Paul Wise
On Sat, Jan 3, 2015 at 3:02 AM, Federico Ceratto wrote:

> Here is an updated version of the patch: now it checks for torsocks and it
> supports a 3-state variable to enable Tor: yes/auto/no. The difference between
> "always" and "auto" is that "always" prevents any fallback in case Tor cannot
> be used.

The patch looks good to me!

-- 
bye,
pabs

https://wiki.debian.org/PaulWise





Bug#773663: popularity-contest: Patch to enable Tor support

2015-01-02 Thread Federico Ceratto
Package: popularity-contest
Version: 1.61
Followup-For: Bug #773663

Here is an updated version of the patch: now it checks for torsocks and it
supports a 3-state variable to enable Tor: yes/auto/no. The difference between
"always" and "auto" is that "always" prevents any fallback in case Tor cannot
be used.

Bye,
--
Federico
diff --git a/debian/control b/debian/control
index 2bf1d82..225d37e 100644
--- a/debian/control
+++ b/debian/control
@@ -14,7 +14,7 @@ Architecture: all
 Pre-Depends: debconf (>= 1.5.34) | cdebconf (>= 0.106)
 Depends: ${misc:Depends}, ${perl:Depends}, dpkg (>= 1.10), libio-socket-ip-perl (>= 0.25-3)
 Recommends: gnupg, cron | fcron, exim4 | mail-transport-agent
-Suggests: anacron
+Suggests: anacron, tor, torsocks
 Provides: popcon
 Description: Vote for your favourite packages automatically
  The popularity-contest package sets up a cron job that will
diff --git a/debian/cron.daily b/debian/cron.daily
index c45bccb..f7b2dad 100644
--- a/debian/cron.daily
+++ b/debian/cron.daily
@@ -12,8 +12,39 @@ unset MY_HOSTID
 unset PARTICIPATE
 unset SUBMITURLS
 unset USEHTTP
+unset USETOR
 unset MTAOPS
 
+TORIFY_PATH=/usr/bin/torify
+
+torify_enabled() {
+# Return 1 to enable torify for HTTP submission, otherwise 0; exit on error
+TORSOCKS_PATH=/usr/bin/torsocks
+[ -f "$TORIFY_PATH" ] && [ -f "$TORSOCKS_PATH" ] && TOR_AVAILABLE=1
+
+case "$USETOR" in
+"always")
+if [ -z $TOR_AVAILABLE ]; then
+echo "popularity-contest: USETOR is set but torify is not available." 2>&1
+echo "popularity-contest: Please install the tor and torsocks packages." 2>&1
+exit 1
+fi
+if [ "yes" != "$USEHTTP" ]; then
+echo "popularity-contest: when USETOR is set USEHTTP must be set as well" 2>&1
+exit 1
+fi
+return 0
+;;
+"auto")
+[ "yes" = "$USEHTTP" ] && [ ! -z $TOR_AVAILABLE ] && return 0
+return 1
+;;
+"no")
+return 1
+;;
+esac
+}
+
 # get configuration information
 . /usr/share/popularity-contest/default.conf
 . /etc/popularity-contest.conf
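
Review bot: the case statement in torify_enabled() has no default branch, so an unset USETOR or any value other than always/auto/no (for example the "yes" used by the first version of this patch) matches nothing and the function returns the status of the case itself, which is 0, so Tor is treated as enabled even when torify is not installed. Add a '*)' branch that returns 1 or exits with an error. In the same function, the header comment has the return values inverted (the code returns 0 to enable), the 'echo ... 2>&1' lines write to stdout rather than stderr (use '>&2'), and TOR_AVAILABLE is neither cleared before the file test nor quoted in the '[ -z $TOR_AVAILABLE ]' tests, so a value already present in the environment or set by the configuration files would count as "available".
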
@@ -31,6 +62,14 @@ if [ -z "$MAILTO" ] && [ "yes" != "$USEHTTP" ]; then exit 0; fi
 # don't run if PARTICIPATE is "no" or unset!
 if [ "$PARTICIPATE" = "no" ] || [ -z "$PARTICIPATE" ]; then exit 0; fi
 
+# enable torify
+if torify_enabled; then
+TORIFY=$TORIFY_PATH
+else
+TORIFY=''
+fi
+
+
 if [ -n "$HTTP_PROXY" ]; then
   export http_proxy="$HTTP_PROXY";
 fi
@@ -98,7 +137,7 @@ SUBMITTED=no
 # try to post the report through http POST
 if [ "$SUBMITURLS" ] && [ "yes" = "$USEHTTP" ]; then
 for URL in $SUBMITURLS ; do
-	if setsid /usr/share/popularity-contest/popcon-upload \
+	if setsid $TORIFY /usr/share/popularity-contest/popcon-upload \
 	-u $URL -f $POPCON 2>/dev/null ; then
 		SUBMITTED=yes
 	else
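
Review bot: on the 'setsid $TORIFY ...' line, availability has been decided only from the presence of the torify and torsocks files, so when the tor daemon is not running the upload simply fails and the existing '2>/dev/null' hides the reason. With USETOR=always it would help to report that failure instead of discarding it.
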
@@ -108,8 +147,9 @@ if [ "$SUBMITURLS" ] && [ "yes" = "$USEHTTP" ]; then
 fi
 
 # try to email the popularity contest data
+# skip emailing if USETOR is set
 
-if [ yes != "$SUBMITTED" ] && [ "$MAILTO" ]; then
+if [ yes != "$SUBMITTED" ] && [ yes != "$USETOR" ] && [ "$MAILTO" ]; then
 if [ -x "`which sendmail 2>/dev/null`" ]; then
 	(
 	if [ -n "$MAILFROM" ]; then
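
Review bot: the added '[ yes != "$USETOR" ]' test still compares against "yes", but this version of the patch accepts always/auto/no, so the condition is true for every supported value and the e-mail fallback is never skipped, not even with USETOR=always. Compare against "always", or test whether TORIFY is non-empty if "auto" should also suppress SMTP, and update the '# skip emailing if USETOR is set' comment to say which values it applies to.
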
diff --git a/default.conf b/default.conf
index 433bc14..2474f45 100644
--- a/default.conf
+++ b/default.conf
@@ -51,6 +51,16 @@ SUBMITURLS="http://popcon.debian.org/cgi-bin/popcon.cgi";
 # USEHTTP enables http reporting.   Set this to 'yes' to enable it.
 USEHTTP="yes"
 
+# USETOR enables using Tor to perform http reporting.
+# In order to use Tor also set USEHTTP to "yes" and ensure that the
+# "tor" and "sockproxy" packages are installed and the tor daemon
+# is running. More information: https://www.torproject.org/
+# Supported values:
+#   always: use Tor; exit with error if not available.
+#   auto: use Tor if available.
+#   no: do not use Tor.
+USETOR="auto"
+
 # HTTP_PROXY allows to specify an HTTP proxy server, the syntax is
 # HTTP_PROXY="http://proxy:port";. This overrides the environment
 # variable http_proxy.
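
Review bot: the comment names a "sockproxy" package, while debian/control suggests torsocks and the error message in cron.daily asks for the tor and torsocks packages; use the same package name here. The text should also state whether e-mail submission is disabled under "always" (the previous version of this comment said so for USETOR="yes"), since preventing fallback is how the covering message distinguishes "always" from "auto".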


Bug#773663: [Popcon-developers] Bug#773663: popularity-contest: Patch to enable Tor support

2014-12-21 Thread Paul Wise
On Mon, Dec 22, 2014 at 2:38 AM, Federico Ceratto wrote:

> Attaching the correct support_tor.diff   :(

FYI the availability of torify doesn't mean the right packages are
installed, since tor only recommends torsocks and turning off
recommends is relatively popular amongst Debian users.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise





Bug#773663: [Popcon-developers] Bug#773663: popularity-contest: Patch to enable Tor support

2014-12-21 Thread Paul Wise
On Mon, Dec 22, 2014 at 2:38 AM, Federico Ceratto wrote:

> Attaching the correct support_tor.diff   :(

I think it would be better to enable sending over Tor by default if
the tor service is available on the local host. If the machine has Tor
available there is probably no reason to not use it.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise





Bug#773663: popularity-contest: Patch to enable Tor support

2014-12-21 Thread Bill Allombert
On Sun, Dec 21, 2014 at 06:31:33PM +, Federico Ceratto wrote:
> Package: popularity-contest
> Version: 1.61
> Severity: wishlist
> 
> Hi,
> 
> Attached is a small patch to enable popcon submissions over Tor.
> It might help https://trac.torproject.org/projects/tor/ticket/13154
> Even with GnuPG encryption, regular HTTP submissions leak the presence
> of a Debian[-derivative] OS and this could also be used to enumerate
> Debian hosts in a network; Also, popcon-upload could be forced to fall-back to
> SMTP and leak more information in the headers.
> 
> The patch relies on exit nodes to connect to the HTTP service and prevents
> SMTP fallback. If a popcon hidden service was to be set up in future, it could
> be used with:
> SUBMITURLS="http://HIDDEN_SERVICE_NAME/cgi-bin/popcon.cgi";

Hello Federico,

For some reason, your patch is empty: all I have is

commit 58af819641e879260b180558cac56cfd3f5d7333
Author: Federico Ceratto 
Date:   Sun Dec 21 16:49:16 2014 +

Add Tor support

:100644 100644 2bf1d82... dbe674a... M  debian/control
:100644 100644 c45bccb... f3feaa7... M  debian/cron.daily
:100644 100644 433bc14... 718aa99... M  default.conf

Cheers,
-- 
Bill. 

Imagine a large red swirl here. 





Bug#773663: popularity-contest: Patch to enable Tor support

2014-12-21 Thread Federico Ceratto
Attaching the correct support_tor.diff   :(

-- 
Federico
diff --git a/debian/control b/debian/control
index 2bf1d82..dbe674a 100644
--- a/debian/control
+++ b/debian/control
@@ -14,7 +14,7 @@ Architecture: all
 Pre-Depends: debconf (>= 1.5.34) | cdebconf (>= 0.106)
 Depends: ${misc:Depends}, ${perl:Depends}, dpkg (>= 1.10), 
libio-socket-ip-perl (>= 0.25-3)
 Recommends: gnupg, cron | fcron, exim4 | mail-transport-agent
-Suggests: anacron
+Suggests: anacron, tor
 Provides: popcon
 Description: Vote for your favourite packages automatically
  The popularity-contest package sets up a cron job that will
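
Review bot: Suggests adds only tor, but cron.daily invokes /usr/bin/torify, and as pointed out in this thread the presence of torify does not guarantee that torsocks is installed, because tor only recommends it. List torsocks here as well.
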
diff --git a/debian/cron.daily b/debian/cron.daily
index c45bccb..f3feaa7 100644
--- a/debian/cron.daily
+++ b/debian/cron.daily
@@ -12,6 +12,7 @@ unset MY_HOSTID
 unset PARTICIPATE
 unset SUBMITURLS
 unset USEHTTP
+unset USETOR
 unset MTAOPS
 
 # get configuration information
@@ -31,6 +32,24 @@ if [ -z "$MAILTO" ] && [ "yes" != "$USEHTTP" ]; then exit 0; 
fi
 # don't run if PARTICIPATE is "no" or unset!
 if [ "$PARTICIPATE" = "no" ] || [ -z "$PARTICIPATE" ]; then exit 0; fi
 
+# enable torify
+TORIFY_PATH=/usr/bin/torify
+if [ "$USETOR" = "yes" ]; then
+if [ "yes" != "$USEHTTP" ]; then
+echo "popularity-contest: when USETOR is set USEHTTP must be set as 
well" 2>&1
+exit 1
+fi
+if [ ! -x $TORIFY_PATH ]; then
+echo "popularity-contest: USETOR is set but torify is not available." 
2>&1
+echo "popularity-contest: Please install the tor package." 2>&1
+exit 1
+fi
+TORIFY=$TORIFY_PATH
+else
+TORIFY=''
+fi
+
+
 if [ -n "$HTTP_PROXY" ]; then
   export http_proxy="$HTTP_PROXY";
 fi
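
Review bot: the three 'echo ... 2>&1' lines redirect stderr to stdout, so the diagnostics are printed on stdout; '>&2' is what sends them to stderr. $TORIFY_PATH in '[ ! -x $TORIFY_PATH ]' should also be quoted.
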
@@ -98,7 +117,7 @@ SUBMITTED=no
 # try to post the report through http POST
 if [ "$SUBMITURLS" ] && [ "yes" = "$USEHTTP" ]; then
 for URL in $SUBMITURLS ; do
-   if setsid /usr/share/popularity-contest/popcon-upload \
+   if setsid $TORIFY /usr/share/popularity-contest/popcon-upload \
-u $URL -f $POPCON 2>/dev/null ; then
SUBMITTED=yes
else
@@ -108,8 +127,9 @@ if [ "$SUBMITURLS" ] && [ "yes" = "$USEHTTP" ]; then
 fi
 
 # try to email the popularity contest data
+# skip emailing if USETOR is set
 
-if [ yes != "$SUBMITTED" ] && [ "$MAILTO" ]; then
+if [ yes != "$SUBMITTED" ] && [ yes != "$USETOR" ] && [ "$MAILTO" ]; then
 if [ -x "`which sendmail 2>/dev/null`" ]; then
(
if [ -n "$MAILFROM" ]; then
diff --git a/default.conf b/default.conf
index 433bc14..718aa99 100644
--- a/default.conf
+++ b/default.conf
@@ -51,6 +51,14 @@ SUBMITURLS="http://popcon.debian.org/cgi-bin/popcon.cgi";
 # USEHTTP enables http reporting.   Set this to 'yes' to enable it.
 USEHTTP="yes"
 
+# USETOR enables using Tor to perform http reporting.
+# In order to use it, set it to "yes" and set USEHTTP to "yes as well.
+# Also ensure that the "tor" package is installed and the tor daemon
+# is running.
+# When USETOR is set, email-based submission is disabled.
+# More information: https://www.torproject.org/
+USETOR="no"
+
 # HTTP_PROXY allows to specify an HTTP proxy server, the syntax is
 # HTTP_PROXY="http://proxy:port";. This overrides the environment
 # variable http_proxy.
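
Review bot: the second comment line has an unbalanced quote ('set USEHTTP to "yes as well'); it should read '"yes" as well'. The comment also mentions only the "tor" package although the script depends on torify being usable.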