> On Feb 5, 2023, at 4:05 PM, segfault <segfa...@riseup.net> wrote:
> 
> Hi,
> 
> David A. Wheeler:
>>> On Feb 4, 2023, at 2:18 PM, David A. Wheeler <dwhee...@dwheeler.com> wrote:
>>> 
>>> Currently Tails includes and supports wget. I propose *also* adding support
>>> for curl.
>> Replying to myself, I think there's a slightly better way to automatically
>> support curl.
>> I previously proposed setting the "ALL_PROXY" environment variable, but the
>> best setting for curl using ALL_PROXY uses prefixes that might confuse other
>> tools that might *also* read from ALL_PROXY.
>> So instead I propose this, to make Tails automatically support curl, while
>> not interfering with any other program.


> 
> You can also make Tails install curl automatically via the Additional 
> Software feature.

That *installs* curl automatically, but it doesn't *work* without special
effort. Instead, curl just fails. That's true if you call it directly, *or* if
it's called indirectly (by the many additional programs that use curl to
download something).

Currently you have to take additional steps instead of simply using it as
usual, and that's what I would like to fix. If you have to type in anything
extra, that's a problem.
After all, you don't have to type in anything special for wget.


> You might want to try `torsocks --isolate curl` (I didn't test it but that's 
> often enough to make any program use Tor).

Currently torsocks is never mentioned in the Tails user documentation,
so a typical Tails user has a good chance of not knowing about it. (Yes,
torsocks *is* mentioned in the design docs, but that doesn't count as *user*
documentation :-) ).
So: No matter what, documenting that "additional programs"
might need to use torsocks (and how to use it) would be a good idea.

However, in the case of *curl*, using torsocks has drawbacks.
The torsocks program uses the LD_PRELOAD trick that is
sometimes unreliable and is *completely*
unnecessary for curl. Curl already knows how to use SOCKS5
natively, has many SOCKS options, and curl listens to the resolver
configuration.

The only advantage I can see to using torsocks is its --isolate option.
If the torsocks --isolate option really is valuable, then I think that simply
invoking "curl" should automatically invoke its equivalent,
without the user needing to know about torsocks.
How exactly does torsocks implement --isolate to create isolation? It looks like
it just creates a new SOCKS username/pw each time. Maybe we can
do the same thing without needing to use LD_PRELOAD tricks.

The only way I can see of making curl "just work" with torsocks --isolate
is to use a wrapping technique similar to the one used for wget. But maybe
there's another way, since I don't fully grok the --isolate mechanism.

--- David A. Wheeler
_______________________________________________
Tails-dev mailing list
Tails-dev@boum.org
https://www.autistici.org/mailman/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.
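
The approach raised in the message above (a fresh SOCKS username/password per invocation, using curl's native SOCKS5 support instead of LD_PRELOAD), as an added example that is not part of the original message and not Tails' or torsocks' own code. It assumes Tor's SocksPort listens on 127.0.0.1:9050 with IsolateSOCKSAuth in effect (Tor's default for a SocksPort); the names `random_token`, `isolated_proxy_url` and `curl_isolated` are hypothetical.

```shell
#!/bin/sh
# Added example: give every curl invocation its own SOCKS credentials so Tor
# places its streams on a circuit not shared with other invocations.
# Assumptions: SocksPort at 127.0.0.1:9050, IsolateSOCKSAuth enabled (Tor default).
TOR_SOCKS_HOST="${TOR_SOCKS_HOST:-127.0.0.1}"
TOR_SOCKS_PORT="${TOR_SOCKS_PORT:-9050}"

# 16 random bytes as 32 lowercase hex characters.
# Hex needs no escaping inside a URL's userinfo part.
random_token() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Build a proxy URL with throwaway credentials.
# socks5h:// makes curl hand the hostname to the proxy, so name resolution
# also goes through Tor instead of the local resolver.
isolated_proxy_url() {
    printf 'socks5h://%s:%s@%s:%s' \
        "$(random_token)" "$(random_token)" \
        "$TOR_SOCKS_HOST" "$TOR_SOCKS_PORT"
}

# Wrapper: same arguments as curl, no LD_PRELOAD involved.
# The credentials are random and single-use, so their appearing in the
# process list reveals nothing reusable.
curl_isolated() {
    command curl --proxy "$(isolated_proxy_url)" "$@"
}
```

A `--proxy` or `--socks5*` option supplied by the caller comes later on the command line and would override the wrapper's setting, so a system-wide wrapper would need to reject or filter those.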
