{5} Accepted, Active Tickets by Owner (Full Description) (73 matches)

List tickets accepted, group by ticket owner. This report demonstrates the use of full-row display.

Cthulhu (2 matches)

Ticket Summary Component Milestone Type Created
#13473 Sort Existing GoodBadISP page into tables Community/Relays task Oct 19, 2014

The existing GoodBadISP tables need sorting into the new format. All opinions, feedback and communications to that ISP must go in the correct section on ISPCorrespondence page to keep the primary page clean and to the point since it will grow substantially over time.

The new format should be available soon after this ticket is posted as it will be done for the US hosts (good experiences).

#13421 GoodBadISP's Revamp Community/Relays project Oct 15, 2014

Following a discussion on the mailing list [1] the GoodBadISP page could do with some updating and proper arranging.

Some of the categories I have in mind to make available in the table format are as follows: Country, Company Name, ASN, Bridges Allowed, Relays Allowed, Exits Allowed, Last Updated, Correspondence.

Would "Bridges Allowed" be a redundant measure since they won't be in the public sphere?

Moritz @ Torservers already has done a fair deal of work, some is outdated or could use an update though but it's a good place to start our focus and give inspiration where needed. [2] [3] [4]

[1] https://lists.torproject.org/pipermail/tor-relays/2014-October/005493.html

[2] https://www.torservers.net/wiki/hoster/experience

[3] https://www.torservers.net/wiki/hoster/inquiry

[4] https://www.torservers.net/wiki/hoster/index

Note: Those wishing to assist on this project please feel free to CC yourself in and keep an eye on the child tickets. I can be found under the pseudonym "TheCthulhu" on IRC or contacted at thecthulhu <at> riseup <dot> net if you wish to ask me directly what to work on next. If this is the first time you've assisted using Trac or the Tor Wiki, don't hesitate to ask for help.

Hello71 (1 match)

Ticket Summary Component Milestone Type Created
#22233 Reconsider behavior on .z URLs with Accept-Encoding header Core Tor/Tor Tor: unspecified defect May 11, 2017

In proposal 278, I said:

  If a directory server receives a request to a document with the ".z"
  suffix, where the client does not include an "Accept-Encoding" header,
  the server should respond with the zlib compressed version of the
  document for backwards compatibility with client that does not support
  this proposal.

But on #22206 it became apparent that we've got a problem there: there are already tools (built e.g. on wget) that ask for the .z URL but which send "Accept-Encodings: Identity."

And onn #22206, Yawning says:

an error (or a double compressed payload) should be returned when the .z request contains an Accept-Encoding header that specifies anything other than identity/deflate.

We'd like the end result here to be something where new Tor clients can interoperate with older directory caches without breaking anything, and getting the new compression type if they support it. And we certainly don't want anybody doing two layers of compression: that's a waste of cycles. But we should see if there's a way where we can be more standards compliant without breaking anything we care about.

Jaruga (3 matches)

Ticket Summary Component Milestone Type Created
#24872 remove outdated tor relay security recommendations and update these wiki pages Community/Relays defect Jan 11, 2018

While working on #24497 I wanted to link to existing security related recommendations and found:

https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity https://trac.torproject.org/projects/tor/wiki/doc/OperationalSecurity

IMHO these are severely outdated and give bad advises.

I'm proposing to remove some outdated content and if no one disagrees I'll proceed soon. I'll send email to tor-dev about this.

#20537 Tor Browser User Manual needs meta section Community/Tor Browser Manual defect Nov 2, 2016

The Tor Browser User Manual on https://tb-manual.torproject.org/windows/en-US/ needs a section covering

a) where to find the source, b) how it is licensed, and c) where and how to report bugs.


#13703 Adding doc/HARDENING Community Tor: unspecified enhancement Nov 7, 2014

The two text files currently in the doc directory are doc/HACKING and doc/TUNING. The latter is the only one that deals with relay operation, and its subject is oddly specific: increasing the maximum number of file descriptors. If we're going to put critical documentation in the codebase, I think it would also be worthwhile to have a basic hardening guide. It could include suggestions like:

  • allowing only public key non-root SSH login
  • using a firewall
  • keeping your system up-to-date
  • not running any other programs (especially networked ones)
  • considering hardened or security-focused OS choices

Nick suggested that most of the actual information be contained in referenced links, which I agree with. There's no good reason to duplicate effort when there are, for example, so many good SSH hardening guides.

Let me know what you think, or if you have any contributions. If this is generally considered a good idea, I can start writing a draft.

Jkee299 (1 match)

Ticket Summary Component Milestone Type Created
#28541 Exit HTTPS Everywhere project Nov 20, 2018


MB (1 match)

Ticket Summary Component Milestone Type Created
#9328 o2online.de Live Check not working with enabled SSL strictness HTTPS Everywhere/EFF-HTTPS Everywhere defect Jul 25, 2013

With enabled HTTPS Everywhere, http://www.o2online.de/microsite/o2-netz/live-check/ does not load additional JavaScript from a non-SSL CDN

acute (1 match)

Ticket Summary Component Milestone Type Created
#33974 Update OnionPerf to TGen 1.0.0 Metrics/Onionperf enhancement Apr 23, 2020

TGen 1.0.0 comes with a "change in the format of some of the configuration options that breaks compatibility with the previous version 0.0.1."

I tried to update OnionPerf to write out TGen files that TGen 1.0.0 understands. Here's the diff:

diff --git a/onionperf/model.py b/onionperf/model.py
index 3c057c5..90c824e 100644
--- a/onionperf/model.py
+++ b/onionperf/model.py
@@ -77,9 +77,9 @@ class TorperfModel(GeneratableTGenModel):
         if self.socksproxy is not None:
             g.node["start"]["socksproxy"] = self.socksproxy
         g.add_node("pause", time="5 minutes")
-        g.add_node("transfer50k", type="get", protocol="tcp", size="50 KiB", timeout="295 seconds", stallout="300 seconds")
-        g.add_node("transfer1m", type="get", protocol="tcp", size="1 MiB", timeout="1795 seconds", stallout="1800 seconds")
-        g.add_node("transfer5m", type="get", protocol="tcp", size="5 MiB", timeout="3595 seconds", stallout="3600 seconds")
+        g.add_node("stream50k", recvsize="50 KiB", timeout="295 seconds", stallout="300 seconds")
+        g.add_node("stream1m", recvsize="1 MiB", timeout="1795 seconds", stallout="1800 seconds")
+        g.add_node("stream5m", recvsize="5 MiB", timeout="3595 seconds", stallout="3600 seconds")
         g.add_edge("start", "pause")
@@ -88,9 +88,9 @@ class TorperfModel(GeneratableTGenModel):
         g.add_edge("pause", "pause")
         # these are chosen with weighted probability, change edge 'weight' attributes to adjust probability
-        g.add_edge("pause", "transfer50k", weight="12.0")
-        g.add_edge("pause", "transfer1m", weight="2.0")
-        g.add_edge("pause", "transfer5m", weight="1.0")
+        g.add_edge("pause", "stream50k", weight="12.0")
+        g.add_edge("pause", "stream1m", weight="2.0")
+        g.add_edge("pause", "stream5m", weight="1.0")
         return g
@@ -109,10 +109,10 @@ class OneshotModel(GeneratableTGenModel):
         g.add_node("start", serverport=self.tgen_port, peers=server_str, loglevel="info", heartbeat="1 minute")
         if self.socksproxy is not None:
             g.node["start"]["socksproxy"] = self.socksproxy
-        g.add_node("transfer5m", type="get", protocol="tcp", size="5 MiB", timeout="15 seconds", stallout="10 seconds")
+        g.add_node("stream5m", recvsize="5 MiB", timeout="15 seconds", stallout="10 seconds")
-        g.add_edge("start", "transfer5m")
-        g.add_edge("transfer5m", "start")
+        g.add_edge("start", "stream5m")
+        g.add_edge("stream5m", "start")
         return g

I'll let an OnionPerf instance run for a day to see at the output, also to see if we need to make adjustments to OnionPerf's analyze mode due to slightly changed log messages.

Until then, do these changes above look reasonable? Or did I miss something? Thanks!

anarcat (3 matches)

Ticket Summary Component Milestone Type Created
#33406 automate reboots Internal Services/Tor Sysadmin Team project Feb 20, 2020

in #31957 we have worked on automating upgrades, but that's only part of the problem. we also need to reboot in some situations.

we have various mechanisms to do so right now:

  • tsa-misc/reboot-host - reboot script for kvm boxes, kind of a mess, to be removed when we finish the kvm-ganeti migration
  • tsa-misc/reboot-guest - reboot a single host. kind of a hack, but useful to reboot a single machine
  • misc/multi-tool/torproject-reboot-simple - iterate over all hosts with rebootPolicy=justdoit in LDAP and reboot them with torproject-reboot-many
  • misc/multi-tool/torproject-reboot-rotation - iterate over all hosts with rebootPolicy=rotation in LDAP and reboot them with torproject-reboot-many, with a 30 minute delay between each host
  • ganeti-reboot-cluster - a tool to reboot the ganeti cluster

There are various problems with all this:

  • the torproject-reboot-* scripts do not take care of rebootPolicy=manual hosts
  • the ganeti-reboot-cluster script has been known to fail if a cluster is unbalanced
  • the ganeti-reboot-cluster script currently fails when hosts talk to each other over IPv6 somehow (see #33412)
  • we have 5 different ways of performing reboots, we should have just one script that does it all
  • reboot-{host,guest} do not check if hosts need reboot before rebooting (but the multi-tool does)

In short, this is kind of a mess, and we should refactor this. We should consider using needrestart, which knows how to reboot individual hosts.

I also added a feature request to the needrestart puppet module to expose its knowledge as a puppet fact, so we can use that information from PuppetDB instead of SSH'ing in each host and calling the dsa-* tools.

#30608 Have a SMTP out only server Internal Services/Tor Sysadmin Team enhancement May 24, 2019

I do use my @tpo email address for many communications outside torproject lists or @tpo people.

Lately, I discovered that many of my emails were silent drop by the remote server or put in SPAM. And that was because the person came back to me asking where was my email. For instance, gmail sometimes put it in the SPAM still because we lack DKIM/SPF so it hurts our reputation.

Th reason why is quite simple: I use my own SMTP server to send the emails while forging the From address.

It would honestly be of a great help if we could simply have an authenticated SMTP server that I could use with let say my LDAP account for sending emails with my @tpo and not being worried that it gets dropped...

The steps required for this change are:

  1. [x] create a new field (emailPassword?) in the LDAP schema (done)
  2. [x] setup a separate email server to accept submissions and keep mail servers aware that not only eugeni sends email
  3. [ ] hook up the password field as authentication in Postfix in the server (probably through ud-generate?)
  4. [ ] test with TPA users that can modify their own password directly through LDAP
  5. [ ] update the web interface (to support changing the field as well?)
  6. [ ] optionally, update the mail gateway to support changes to the field
  7. [ ] do tests with the users in this ticket, and if this works, propagate to all current LDAP users
  8. [ ] create LDAP accounts for more users who want to use the system
  9. [ ] add monitoring loops, with (say) Google, Hotmail, Yahoo and Riseup to ensure delivery works across servers

We should also make a design document to follow along.

#30020 switch from our custom YAML implementation to Hiera Internal Services/Tor Sysadmin Team project Apr 4, 2019

We currently use a custom-made YAML database for assigning roles to servers and other metadata. I started using Hiera for some hosts and it seems to be working well.

Hiera is officially supported in Puppet and shipped by default in Puppet 5 and later. It's the standard way of specifying metadata and class parameters for hosts. I suspect it covers most of our needs in terms of metadata and should cover most if not all of what we're currently doing with the YAML stuff in Puppet.

We should therefore switch to using Hiera instead of our homegrown solution.

This involves converting:

  • if has_role('foo') { include foo } into classes: [ 'foo' ] in hiera (DONE!)
  • hardcoded macros in the ferm module's me.conf.erb into exported resources (DONE, except for HOST_TPO)
  • templates looping over allnodeinfo into exported resources
  • the $roles array into Hiera (DONE!)
  • the $localinfo into Hiera (assuming all the data is there) (DONE!)
  • the $nodeinfo and $allnodeinfo arrays into Hiera (assuming we can switch from LDAP for host inventory)
  • basically any other stuff of the kind, including those files:
    ./modules/torproject_org/misc/local.yaml <- DONE!

Ideally, all YAML data should end up in the hiera/ directory somehow. This is the first step in making our repository public (#29387) but also using Hiera as a more elaborate inventory system (#30273).

The idea of switching from LDAP to Hiera for host inventory will definitely need to be evaluated more thoroughly before going ahead with that part of the conversion, but YAML stuff in Puppet should definitely be converted.

The general goal of this is both to allow for a better inventory system but also make it easier for people to get onboarded with Puppet. By using community standards like Hiera, we make it easier for new people to get familiar with the puppet infrastructures and do things meaningfully.

Update: get_roles(), has_role(), yamlinfo() and local.yaml are *all* gone! The main chunks remaining are now nodeinfo(), allnodeinfo(), $nodeinfo and hoster.yaml. A plan has been laid out for that replacement below. Obviously, the ipsec, static components and redirects YAML files could use a transition into Hiera as well, but those are lower priority.

antonela (2 matches)

Ticket Summary Component Milestone Type Created
#30327 https://newsletter.torproject.org overlaps text as width is too small on my phone Webpages/Website defect Apr 29, 2019

Testing on a Samsungs Galaxy S5 mini I realized there is overlapping text on https://newsletter.torproject.org in the Archive section (the dates overlap with text so that the result is hardly readable). See attachment for how this looks like.

#29937 Cannot choose language on mobile Webpages/Website defect Mar 28, 2019

The entire language list is not accessible on mobile.


arma (5 matches)

Ticket Summary Component Milestone Type Created
#19162 Make it even harder to become HSDir Core Tor/Tor Tor: unspecified defect May 23, 2016

In #8243 we started requiring Stable flag for becoming HSDirs, but this is still not hard enough for motivated adversaries. Hence we need to make it even harder for a relay to become HSDir, so that only relays that have been around for long get the flag. After prop224 gets deployed, there will be less incentive for adversaries to become HSDirs since they won't be able to harvest onion addresses.

Until then, our current plan is to increase the bandwidth and uptime required to become an HSDir to something almost unreasonable. For example requiring an uptime of over 6 months, or maybe requiring that the relay is in the top 1/4th of uptimes on the network.

#18213 The parameter WarnUnsafeSocks does not work as specified in the documentation, no warning is logged in the log file Core Tor/Tor Tor: unspecified defect Feb 2, 2016

The parameter WarnUnsafeSocks does not work as specified in the documentation, no warning is logged in the log file when a connection is done to an ip address.

If WarnUnsafeSocks 1 (default) is set there is no warning in the log file. If you look at the code for log_unsafe_socks_warning, the only case where an error is logged is when safe_socks is true. safe_socks is true only when SafeSocks parameter is set, but not when WarnUnsafeSocks is set.

The code should be

if (safe_socks || options->WarnUnsafeSocks) {

instead of

if (safe_socks) {

#17773 Should clients avoid using guards that lost the Guard flag? Core Tor/Tor Tor: unspecified enhancement Dec 8, 2015

Nick and I both thought that at least in the past, Tor clients would stop using a relay as their guard, if it loses the Guard flag.

But it looks like the code doesn't do that -- once a relay is your guard, you'll use it in the guard position regardless of whether it has the Guard flag at this moment or not.

This is actually a tricky design decision. In favor of avoiding guards that don't have the guard flag:

  • If they get really slow, we can instruct clients to abandon them.
  • If a relay gets the guard flag for only a short period of time, it will have only a small number of (dedicated) users using it for the next months.

In favor of using non-Guard guards anyway:

  • An attacker can't push you away from your guard by hurting its performance in the eyes of the directory authorities.
  • You won't rotate guards as many times.

That "can't push you away" one looks big. What other aspects should we be considering here?

#15715 spurious "Network is unreachable" error after setting DisableNetwork=1 Core Tor/Tor Tor: unspecified defect Apr 17, 2015

If DisableNetwork is set to 1 via SETCONF during bootstrapping, Tor sometimes generates spurious errors such as "Network is unreachable". Kathy and I saw this while testing a fix for #11879. We realize this may be difficult to fix due to the internal architecture / concurrency inside Tor.

See #15713 for steps to reproduce (but note that an error does not occur every time). In the log that is attached to #15713 you can see an example:

Apr 17 10:28:10.000 [warn] Problem bootstrapping. Stuck at 25%: Loading networkstatus consensus. (Network is unreachable; NOROUTE; count 1; recommendation warn; host 847B1F850344D7876491A54892F904934E4EB85D at

(the error happens right away if it happens at all – no delay).

This problem may cause some Tor Browser users to be a little confused; all they need to do is click "Open Settings" while Tor Browser was starting up and they will sometimes see an error alert.

#15713 toggling DisableNetwork during bootstrap causes delay Core Tor/Tor Tor: unspecified defect Apr 17, 2015

While testing a fix for #11879, Kathy and I noticed that if the bootstrap process is interrupted by setting DisableNetwork=1 via the control port, Tor waits about a minute after DisableNetwork is set back to 0 before continuing network activity. We observed this problem on a Mac OS 10.8.5 system. Possibly related tickets: #9229, #11069.

Once release candidates for Tor Browser 4.5 are available, this should be reproducible by following these steps:

  1. Start Tor Browser and click "Connect".
  2. Click "Open Settings" in the connection progress window to interrupt the bootstrap process.
  3. Click "Connect" again. Notice that there is a delay before the bootstrap makes more progress.

We are also able to reproduce it using Tor and a manual (telnet) control port connection. Follow these steps (control port authentication is up to you):

  1. Remove all cached Tor data and start Tor like this:

./tor --defaults-torrc torrc-defaults -f torrc DisableNetwork 1

  1. Make a control port connection and issue this command:

SETCONF DisableNetwork=0

  1. Wait for bootstrapping to reach 25-50% and then do:

SETCONF DisableNetwork=1

  1. Re-enable network access:

SETCONF DisableNetwork=0 Notice that there is a delay before the bootstrap makes more progress.

We used the torrc-defaults file that ships with Tor Browser 4.5a5:

# If non-zero, try to write to disk less frequently than we would otherwise.
AvoidDiskWrites 1
# Where to send logging messages.  Format is minSeverity[-maxSeverity]
# (stderr|stdout|syslog|file FILENAME).
Log notice stdout
# Bind to this address to listen to connections from SOCKS-speaking
# applications.
SocksPort 9150
ControlPort 9151
CookieAuthentication 1
## fteproxy configuration
ClientTransportPlugin fte exec PluggableTransports/fteproxy.bin --managed

## obfs4proxy configuration
ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec PluggableTransports/obfs4proxy

## flash proxy configuration
# Change the second number here (9000) to the number of a port that can
# receive connections from the Internet (the port for which you
# configured port forwarding).
ClientTransportPlugin flashproxy exec PluggableTransports/flashproxy-client --register :0 :9000

## meek configuration
ClientTransportPlugin meek exec PluggableTransports/meek-client-torbrowser -- PluggableTransports/meek-client

Our torrc is also from Tor Browser and it just contains a few paths:

DataDirectory /Users/.../tb-11879.app/TorBrowser/Data/Tor
GeoIPFile /Users/.../tb-11879.app/TorBrowser/Data/Tor/geoip
GeoIPv6File /Users/.../tb-11879.app/TorBrowser/Data/Tor/geoip6

I will attach some log output.

cypherpunks (1 match)

Ticket Summary Component Milestone Type Created
#21518 Pluggable transports for zero-rated services Applications/Orbot project Feb 20, 2017

Tor increases data usage, and most of the demographics that need Tor the most have very limited data, so please make PTs available for zero-rated services.

For example FreedomPop zero-rates WhatsApp (https://9to5mac.com/2016/08/17/freedompop-whatsapp-sim-free-iphone/) in 30 countries on a free ($0/month) plan.

A WhatsApp plugable transport would therefor allow users in poverty-stricken, massively oppressed countries to have unlimited free access to information through Tor.

I'm not sure if the component should be Orbot or Tor; the WhatsApp example is for mobile but there is also zero-rating for house internet, or someone might want to use a WhatsApp PT on a desktop/laptop/notebook with conventional Tor, tethered to a smartphone for the zero-rated protocol.

dgoulet (2 matches)

Ticket Summary Component Milestone Type Created
#33894 make (retroactive) proposal for DoS subsystem Core Tor/Tor Tor: unspecified task Apr 13, 2020

In #24902, dgoulet speaks of a ddos-design.txt document.

But there is no actual proposal for the overall DoS subsystem.

If we have the document around, and we just never published it, this is a great chance to notice, clean it up a bit, and call it proposal three-hundred-and-something. (And then maybe turn some of it into one of the spec files if that makes sense, but, one step at a time here. :)

Motivated by this month's tor-dev thread where all we have to show for the DoS subsystem design is a trac ticket number and a changelog entry.

#32880 V3 handshaking state change doesn't use "connection_or_change_state()" Core Tor/Tor Tor: unspecified defect Jan 6, 2020

When an OR connection acting as a server changes to state OR_CONN_STATE_OR_HANDSHAKING_V3, it does so by setting conn->base_.state directly and not using connection_or_change_state(), so afaict this state change is never passed to pubsub or to the channel object.

On the other hand, when changing to that same state when acting as a client, it does use connection_or_change_state() as expected.

This seems to me to be a bug, but maybe there was a good reason for doing it this way. Also it seems no one has complained about it since the code was added, so having it changed doesn't seem to be important. But documenting here anyways since someone may want to take a look at it at some point.

feynman (1 match)

Ticket Summary Component Milestone Type Created
#9022 Create an XMPP pluggable transport Circumvention/Pluggable transport task Jun 5, 2013

We should look into XMPP pluggable transports. There are many public XMPP services that see widespread use even from censored countries.

hiro (3 matches)

Ticket Summary Component Milestone Type Created
#28065 Tor web docs Webpages/Support defect Oct 16, 2018

During the meeting in CDMX some of us chatted about the possibility to build and maintain a sort of Tor web docs (like the mozilla web docs [1]).

The idea is to collect all the techniques we use to make websites tor-browser and privacy friendly in a single place. We could also include the reasoning behind doing certain things in pure css vs js. Or why we decide to do things in a certain way.

Some topic that I have been thinking about are:

  • Why tor browser is slightly different from Firefox (or another browser)
  • Why does my app work differently in tor browser?
  • How can I make my app compatible for people that do not use JS?
  • Code examples for css and js
  • Server side website programming, what to keep in mind...

While all these topics are documented in various articles around the interwebs, I kinda think we (tor community) should own something like this, since it would also help to push forward the idea that the web as we know it needs to change.

Up to now I have always thought this sort of content belonged to the styleguide. Recently I have been thinking that while the individual implementation details of what use in our websites can be included in the styleguide, the reasoning behind those and the general implementations should be put somewhere else.

Also I do not think these topics belong directly to the dev portal, as I tend to think that should be about developing on tor rather than considering how the web works a bit differently when using tor browser. Unless we would rather do a specific section regarding all this in the web portal.

Further things to consider:

  • Kevin (on cc) is working on a Tor friendliness scanner tool for websites.
  • We see often threads like this [2] on our mailing lists. This one is about how to avoid privacy leaks for onion services, but we might identify more similar best practice tips being discussed.

[1] https://developer.mozilla.org/en-US/ [2] https://lists.torproject.org/pipermail/tor-onions/2018-August/000295.html

#23574 Don't allow text injection in our 404 page Internal Services/Tor Sysadmin Team defect Sep 19, 2017

We got a report on HackerOne by sumitthehacker:

i want to report a text injection and a misconfiguration of the 404 page

the bug exists at :


as you can see attacker text is included
"It has been changed by a new one https://www.attacker.com so go to the new one since this one was not found on this server."

#22842 Create a knowledge base that's more in-depth than FAQs Webpages/Website WebsiteV3 task Jul 6, 2017

It would be useful for visitors to our web pages to have access to content that:

  • goes into more depth than a FAQ entry
  • is more formal than a blog post
  • is less comprehensive than a reference manual section
  • is more stable than a wiki page

These pages would form sort of a knowledge base or resource section.

irl (3 matches)

Ticket Summary Component Milestone Type Created
#33717 Define metrics-common group vars to replace exit-scanner-sys role Metrics/Cloud defect Mar 25, 2020

Assumptions made about what the TPA machine would look like turned out to be wrong, and those assumptions are included in the exit-scanner-sys role. In order to get the new system running as quickly as possible, the -sys role was left broken. This should be fixed before moving on as otherwise we are unable to easily create test/dev hosts easily in the future.

#33715 Create a metrics-common role and ops doc Metrics/Cloud project Mar 25, 2020

A number of tasks are common between the monitoring, OnionPerf, Onionoo and Exit Scanner services. We would benefit from combining these to give us a more consistent setup across these services and also to make maintenance easier in the future.

#33508 Write Ops Doc for check service Metrics/Exit Scanner task Mar 3, 2020

Mirroring the format of https://help.torproject.org/metrics/ops/onionoo-ops/ unless anarcat has requests for things to include here.

The sections on deployment and disaster recovery can already be written.

The sections on monitoring will have to wait for monitoring to exist.

juga (2 matches)

Ticket Summary Component Milestone Type Created
#33473 Document which branches developers should base their patches on Core Tor/sbws sbws: unspecified defect Feb 27, 2020

#28045 Start supporting python 3.7, python 3.8, and pypy3.5 Core Tor/sbws sbws: 1.2.x-final defect Oct 15, 2018

karsten (3 matches)

Ticket Summary Component Milestone Type Created
#33421 Track which Guard is used for experimental measurements Metrics/Onionperf enhancement Feb 22, 2020

Sometimes tor uses Guards other than its main one; we need to differentiate this in the Onionperf results from measurement rotation events.

#33399 Measure static guard nodes with OnionPerf Metrics/Onionperf enhancement Feb 20, 2020

The specifications for measuring this are as follows:

  • OP should measure one guard or set of guards at a time. It could use NumEntryGuards in the torrc file to support more than 1 guard
  • A new guard/set of guards must be chosen after a day of measurement
  • All CBT data must be erased when choosing a new set of guards, after day of measurements (at UTC midnight). This could mean erasing or replacing the state file for CBT.

#24542 Improve logging for Exonerator Metrics/ExoneraTor enhancement Dec 6, 2017

When looking at #24534 I noticed there is hardly any useful logging. Both backend and web-frontend need better logging. The web-part has no logs so far and the logs of the backend consist mainly of one message, which should rather be on debug than info level:

INFO o.t.m.e.QueryServlet:315 Returned a database connection to the pool after 105 millis.

lunar (1 match)

Ticket Summary Component Milestone Type Created
#11355 Provide obfsproxy nightlies in our debian repositories Archived/Obfsproxy task Mar 28, 2014

People are asking for obfsproxy nightlies (#10954). It would be brilliant if people could add our debian repo, and get the latest obfsproxy master through it.

How can I help you do this?

No hurry on this one. I mainly made this ticket because #10954 was not very specific.


n8fr8 (6 matches)

Ticket Summary Component Milestone Type Created
#5469 Orbot: can't specify node restrictions Applications/Orbot defect Mar 24, 2012

I'm using Orbot (v0.2.3.10-alpha-1.0.7-FINAL, on Android ICS v4.0.1) and I can't seem to get the exit node I request. In the Exit and Entrance Node fields I have "{us}" entered, yet sometimes I get IP's outside the US. Yesterday I got a UK ip.

Also, at random (usually after 30 minutes or so) I seem to lose connection to the Tor network without Orbot notifying me. I'm using Pandora from Canada.

#5393 orbot relay bug - orbot is not setting the relay values into torrc properly causing orbot to not work when set as relay Applications/Orbot defect Mar 15, 2012

This is about the bug discussed with 'n8fr8' on #guardianproject at freenode. So, the relay functionality you said was broken and needs to be fixed for 'orbot' on smartphones. I checked with the orbot version '' and you have checked with the 'dev branch of the code' as you said (i suppose that means you have checked with latest version of code by compiling and running the latest updated version from git; i will do it too and let you know again). But none seemed to work. In fact, you said you were getting a more significant crash, when you enabled relaying on smartphone for dev branch of code. You also thought if the problem is: whether the Relay conflict is with transproxying/root or with Tor client connection in general. But, i'm not sure if it later seemed not to be the problem. Then, you told me to change the torrc file on my android phone, as you said that orbot is not setting the relay values properly which might be the reason for orbot not working as a relay on smartphone. So, I will do that and let you know about it. I will also keep checking 'https://guardianproject.info/builds/Orbot/' to see if any new dev/debug release is posted. Thankyou so very much for all your help, Mr.Nathan.

#3775 Permission error on Orbot Applications/Orbot defect Aug 21, 2011

There's some kind of problem with permissions in Orbot. I'm not sure if this happens only to me, but when I try to start Tor, it cannot access cache/control_auth_cookie. I can chmod it every time, but it is a bit annoying.

#3595 Connections with IPv4-mapped IPv6 addresses bypass transproxy Applications/Orbot defect Jul 14, 2011

A user (DEplan on #guardianproject) reported that Gibberbot was using his real IP despite Orbot's transproxy being turned on; further research led to the conclusion that recent releases of Android seem to use IPv4-mapped IPv6 adresses for a large portion of connections. For examples, please see http://pastebin.com/Z4KDDq40. These connections completely bypass transproxy.

I am not yet sure about the circumstances under which Android employs these addresses.

The problems in finding a solution are that Android usually does not include ip6tables (though Orbot could simply package that) and kernels do usually not include IPv6 netfilter modules. The latter is a major issue, since Orbot can't package modules for every single kernel a user might be running.

As a side note, IPv6 does not support NAT (which is what transproxying is based on).

I'll try to figure out what triggers this behaviour of Android and find possible solutions (using sysctl to disable IPv6 does not solve it).

#2761 Orbot Service not shutting down Applications/Orbot defect Mar 15, 2011

Behaviour: When closing tor network with big Button and exiting Orbot after tor is "deactivated", privoxy is still running and the Orbot service is not stopped.


  • Killing Privoxy from shell stops the privoxy process (OK)
  • Killing Orbot process simply restarts the process (BAD)


  • Running Orbot v1.0.4.1
  • Android Froyo 2.2.1 speedmod kernel
  • Samsung Galaxy

#2424 Android purges firewall rules after network disable/airplane mode. Applications/Orbot defect Jan 22, 2011

Setting my phone to disable data access and/or enable airplane mode seems to cause the transproxy iptables rules created by OrBot to get silently flushed. After re-enabling, all apps access everything without tor, until I go into the orbot config screen to cause it to reapply them.

OrBot should listen for these network disable/loss/disconnect events if possible, and reinstate the iptables rules after this happens.

Someone should also test if switching from cell data to+from wifi also triggers this iptables reset. I have not tested that yet.

nickm (14 matches)

Ticket Summary Component Milestone Type Created
#33097 outbuf_flushlen seems to serve no purpose Core Tor/Tor Tor: 0.4.5.x-final defect Jan 29, 2020

The "outbuf_flushlen" field in connection_t seems to not actually do anything that's distinct from buf_datalen(conn->outbuf)... except possibly, to get out of sync with it under rare conditions? (eg #32472).

Flushlen once existed to implement rate limiting: it was introduced in 117cbeeaaf30cdb before we even had round robining. Later there was some logic involved with f5ebf4c712d693c to try to flush full TLS records. And controller connections used ab838bddb89f to force early flushing there... but right now, we don't flush according to the same logic that we used to flush, and I think outbuf_flushlen is now obsolete.

I think there's a case to be made for removing this field in 0.4.3, but I'd like to be cautious.

Adding arma to cc in case he can remember what outbuf_flushlen is for.

#32907 Remove or_options_t dependencies from module config headers Core Tor/Tor Tor: 0.4.4.x-final enhancement Jan 9, 2020

The following inline header functions depend on some members of or_options_t, which is a dependency we don't need:

  • options_validate_dirauth_mode()
  • options_validate_server_transport()
  • options_validate_relay_mode()

And the dependency only exists when the relay or dirauth modules are disabled.

Instead, we could put these functions in stub C files, which are only compiled when relay/dirauth mode is disabled.

#32830 Relay_extended - hash and padding - specs are wrong or unclear Core Tor Tor: 0.4.4.x-final defect Dec 20, 2019

I noticed recently plenty of 'unrecognized' relay_extended messages for node-Tor project while everything was working fine in the past after I updated the code and made it modular (and some abnormal delays to establish circuits), see also http://peersm.com/peersm2 this is temporary but I had to put a lot of debug stuff to find out what was going on

Finally I figured out why: unlike what is writen in the main Tor specs the hash is calculated not only with the real payload of the relay_extended messages but includes also the padding (apparently starting with 00000000, not sure where it comes from neither where it is specified)

This looks quite strange, what is the rationale for this, is it a bug, why is it not documented and does it impact other types of messages?

#32691 Image broken in 'src-ref' documentation Core Tor/Tor Tor: unspecified defect Dec 6, 2019

For example if you visit https://src-ref.docs.torproject.org/tor/dataflow.html, the "structure hierarchy for connection types" image is missing (the img tag has a 404). There are possibly other missing images as well, but I can't find the markdown files to check (there were the original versions, then they were moved to the tor git repo and edited iirc, but now they're gone).

There's also another image missing on the same page, but has no <img> tag (compare the top of the https://people.torproject.org/~nickm/tor-auto/internal/02-dataflow.html and https://src-ref.docs.torproject.org/tor/dataflow.html pages). But it may have been removed on purpose.

#32139 Disable all dirauth options when those modules are disabled Core Tor/Tor Tor: unspecified enhancement Oct 18, 2019

Here's what we want to change in this ticket:

  • --disable-module-dirauth (and, by implication, --disable-module-relay)
    • Disables *AuthoritativeDir*, and MinUptimeHidServDirectoryV2 options
      • Maybe these options should move under Directory Authority Server Options in the man page
    • Disables all the options under Directory Authority Server Options

#32103 Subsystem "thread_cleanup" is never called Core Tor/Tor Tor: unspecified defect Oct 16, 2019

Subsystems implement the interface of struct subsys_fns_t, with one of the optional function pointers being void (*thread_cleanup)(void). This thread_cleanup function is called for all subsystems by the subsystem manager function void subsystems_thread_cleanup(void), but the subsystems_thread_cleanup function is never called anywhere in the code.

At the moment, the only subsystem to implement the thread_cleanup interface is the crypto subsystem, which uses thread_cleanup for freeing the threadlocal crypto_fast_rng_t, as well as freeing the threadlocal error queue on old versions of OpenSSL. As far as I can tell, this is never run.

I think that the subsystems_thread_cleanup function should be run somewhere in the code, but it's not clear to me how this subsystems_thread_cleanup is expected to be used. It seems like there should also be subsystems_thread_init and thread_init functions as well for initializing threadlocal variables. Right now the crypto subsystem does an "initialize on first use" singleton pattern, but it might be useful to add this initialization interface function so that subsystems have the option of initializing all of their threadlocals in one place.

#31940 Fail unit tests that hang Core Tor/Tor Tor: unspecified enhancement Oct 3, 2019

Follow up to #31841.

We should set a time limit for each individual unit test, and fail it if it takes too long.

We might also want to timelimit checks as well.

We can set a time limit on entire shell commands using the "timelimit" command. But we will need to write test code to do it per-unit test.

#31882 move Android build config into core tor Core Tor/Tor Tor: unspecified defect Sep 27, 2019

Guardian Project has maintained a wrapper build system for building tor for Android since the beginning. Since many more people are now building tor for Android, I'm working to upstream as much of that as possible. The goal is that the requirements for building on Android can be fulfilled by tor's own configure.ac.

The first change is to remove the unnecessary ./configure --enable-android option.

  • Android NDK compilers define __ANDROID__ so that can be used for Android-only code without adding anything in configure.ac, (following the standard pattern like __APPLE__, __linux__, __FreeBSD__, _WIN32, etc.
  • android/log.h and __android_log_write() are always present if building for Android, so this would be like testing for printf() on UNIX.

Then move the Android config into configure.ac reusing the ./configure --enable-android flag. A working sketch for that is here: https://trac.torproject.org/projects/tor/ticket/28766#comment:6

The last piece is including a Java JNI wrapper in tor, enabled by ./configure --enable-jni. This lets us run tor as an Android Service, which is the Android equivalent of a UNIX daemon (UNIX daemons are not really supported on Android and using them is quite problematic). This JNI API should be generic enough to be useable in Java in general, though that's not a priority for us.

I'll add patches for merging once we agree on these details. I have this all working already on my machine.

#31631 Write a test for round-trip encode/decode operations on configuration objects. Core Tor/Tor Tor: unspecified enhancement Sep 4, 2019

We should have tests to round-trip through torrc, state, and sr_disk_state objects. We should make sure that encoding a configuration object and then parsing it again gives us the same result.

We might be able to turn this into a fuzzer test.

#31483 token_bucket_ctr_adjust() does not convert rate to step Core Tor/Tor Tor: 0.4.4.x-final defect Aug 22, 2019

In #30687, we created a single-counter token bucket token_bucket_ctr.

token_bucket_rw_adjust() calls rate_per_sec_to_rate_per_step(rate), but token_bucket_ctr_adjust() does not.

I suggest we fix this bug by moving rate_per_sec_to_rate_per_step(rate) into token_bucket_cfg_init(). And we should add some documentation that explains the difference between rate and burst.

Gaba, this is sponsor 31-must, because it is a bug fix on sponsor 31 code that has already been merged.

#27130 rust dependency updating instructions don't work Core Tor/Tor Tor: unspecified defect Aug 13, 2018

None of the instructions mention updating Cargo.lock, which is required. The script updateRustDependencies.sh doesn't update that file, either.

#18788 Make the copyright license clear for torspec and proposals Core Tor/Tor Tor: unspecified enhancement Apr 11, 2016

Once upon a time, the tor spec files and proposals were in the Tor tarball, so they clearly were covered under Tor's copyright license (3-clause BSD).

But now they're in their own git repository.

I think maybe they technically have no copyright license now?

We should pick one (I vote cc-by) and try to apply it. This plan could become tricky for proposals, because there are a lot of authors on proposals by now.

#16579 (Sandbox) Caught a bad syscall attempt (syscall socket) Core Tor/Tor Tor: unspecified defect Jul 14, 2015

I'm running tor on Gentoo Hardened. The bug exists in and tor crashes within seconds of starting, before any clients can connect I think.

Jul 14 13:13:07.000 [notice] Tor (git-df76da0f3bfd6897) opening log file.
Jul 14 13:13:07.182 [notice] Tor v0.2.7.1-alpha (git-df76da0f3bfd6897) running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.1p and Zlib 1.2.8.
Jul 14 13:13:07.182 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jul 14 13:13:07.182 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Jul 14 13:13:07.182 [notice] Read configuration file "/etc/tor/torrc".
Jul 14 13:13:07.187 [notice] Opening Socks listener on
Jul 14 13:13:07.187 [notice] Opening Socks listener on
Jul 14 13:13:07.187 [notice] Opening Socks listener on
Jul 14 13:13:07.187 [notice] Opening Control listener on
Jul 14 13:13:07.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jul 14 13:13:07.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jul 14 13:13:07.000 [notice] Bootstrapped 0%: Starting

============================================================ T= 1436875987
(Sandbox) Caught a bad syscall attempt (syscall socket)
$ uname -r

This bug has been reported downstream: https://bugs.gentoo.org/show_bug.cgi?id=550302. It occurs with the following torrc:

# Minimal torrc so tor will work out of the box
User tor
PIDFile /var/run/tor/tor.pid
Log notice syslog
Log notice file /var/log/tor/log
DataDirectory /var/lib/tor/data
SandBox 1

SocksPort 9050
SocksPort 9056 IsolateDestAddr IsolateDestPort
SocksPort 9055

ControlPort 9015
CookieAuthentication 1

By commenting out "Sandbox 1" or unsetting it, tor will obviously run without crashing.

#16016 extrainfo_insert(): Bug: No entry found in extrainfo map. Core Tor/Tor Tor: 0.4.4.x-final defect May 14, 2015

I get these on moria1 pretty often. It's been ongoing for a long time I think -- since whenever we attempted to fix that last bug with ri / ei synchronization.

Here's a potentially useful info-level log:

May 13 18:50:37.600 [info] connection_dir_client_reached_eof(): Received extra server info (size 5307) from server ''
May 13 18:50:37.600 [info] router_load_extrainfo_from_string(): 3 elements to add
May 13 18:50:37.600 [warn] extrainfo_insert(): Bug: No entry found in extrainfo map. [1 similar message(s) suppressed in last 1800 seconds] (on Tor 95a9920461dd3322)
May 13 18:50:37.623 [info] connection_dir_client_reached_eof(): Received 0/9 extra-info documents requested from

I don't know if this last line is related or not.

Actually, I get one of the Bug: messages every hour on moria1, a little bit after the 50 minute mark. Sounds like I'm hearing votes from other authorities, and they make me think of an extrainfo I don't have, so I try to get it, and then bug.

pde (5 matches)

Ticket Summary Component Milestone Type Created
#7454 Active rules list doesn't indicate effects of securecookie if no URL rewrite took place HTTPS Everywhere/EFF-HTTPS Everywhere defect Nov 12, 2012

We just had a bug reported about a securecookie rule that applied to all of MIT (including pages that don't support HTTPS at all!) and was breaking logins.

However, the ruleset in question didn't appear in the active rules menu, because no rewrite rule was triggered on the page in question -- only a securecookie. This made the problem take slightly longer to debug and made it harder for affected users to work around. The existing logic for deciding which rules are "active" on the current pages seems to be triggered solely by rewrite rules.

Since securecookie rules affect page rendering and can even break it, rulesets containing them should also show up in the active rules menu when they were applied to a resource on the current page.

#6592 HTTPS Everywhere Causes WordPress.com Zemanta Media Gallery To Not Work HTTPS Everywhere/EFF-HTTPS Everywhere defect Aug 11, 2012


Every version of HTTPS Everywhere that I have tested has caused a problem with at least one of the common websites that I visit, so I finally am reporting one of these problems.

When using WordPress.com with Zemanta enable, the Media Gallery/Recommended Images show up, but the hover feature that allow you to preview images does not work and clicking images to add them to your post does not work when HTTPS Everywhere is installed.

Here is an example of what Zemanta looks like on WordPress.com:


I am using HTTPS Everywhere in the latest Firefox and have had this problem in other versions of Firefox, and with various versions of HTTPS Everywhere.

I think this problem happens even if HTTPS Everywhere is disabled, but once uninstalled the problem stops, but I could be wrong.

Thank you, -John Jr :)

#6276 Hiding the context menu button breaks the Tools->HTTPS Everywhere menu HTTPS Everywhere/EFF-HTTPS Everywhere defect Jul 2, 2012

When you drag the httpse icon from the urlbar to 'menu_bar.view.toolbars.customize' window you lose the 'menu_bar.tools.https_everywhere' drop down menu content for httpse, though the menu item itself is still there. At that point, the only way to configure httpse is via 'about:addons'. Or of course to restore the icon to the urlbar.

Seems to me the drop down menu content should remain regardless of where the icon is, or is not.

FF 10.0.3 ESR HTTPS-E v2.1

#4278 MSDN navigation breakage (due to Origin: header omission?) HTTPS Everywhere/EFF-HTTPS Everywhere defect Oct 20, 2011

Reported here: https://bugzilla.mozilla.org/show_bug.cgi?id=694611

Test case:

Clicking on the fold-out tabs on the left of this page produces no results:


#3777 Should not generate mixed-content warnings if rewriting all http to https HTTPS Everywhere/EFF-HTTPS Everywhere defect Aug 21, 2011

As far as I can tell, Firefox produces mixed-content warnings on an https page that references resources (images, scripts, etc) via http, even if HTTPS Everywhere can rewrite all of those http URLs to use https. (HTTPS Everywhere does rewrite resource requests, right?)

Ideally, if HTTPS Everywhere successfully rewrites every http request from a page to an https request, the page should not generate a mixed content warning. (Though I'd still like to see some indication that the page was only secure due to HTTPS Everywhere, so I know to report the insecure resources to the site owner.)

phoul (1 match)

Ticket Summary Component Milestone Type Created
#10966 Define a process on how new support assistants can be accepted in the team Community/Tor Support task Feb 20, 2014

The switch from having a single person handling all support request to a team was made through recruiting support assistants as a contracting position. It would be good to define a process on how new people can get accepted in the team. It's mostly a question of trust and probably we need to define a vouching process and a set of people that need to ack the decision.

rl1987 (5 matches)

Ticket Summary Component Milestone Type Created
#33086 Support brotli compression for directory requests Core Tor/Tor Tor: unspecified enhancement Jan 28, 2020

Brotli seems to outperform zstd in compression, and claims performance comparable to deflate. We should investigate using it for directory requests.

#31023 Add tests for tor-print-ed-signing-cert and other tools, and run them in CI Core Tor/Tor Tor: unspecified defect Jun 28, 2019

We almost missed a memory safety bug in #31012, because our CI doesn't run our tools. We should write some quick tool tests, and run them in our CI.

#28982 Refactor GETINFO dir/ so that new tor/ URLs automatically become GETINFOs Core Tor/Tor Tor: unspecified enhancement Jan 4, 2019

The control-spec lists some tor/ URLs as GETINFO dir/ keys: https://gitweb.torproject.org/torspec.git/tree/control-spec.txt#n807 (The reference to section 4.4 in dir-spec is also wrong, it should be Appendix B.)

But some newer URLs are missing, for example, consensus-microdesc: https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n3862

We could refactor the GETINFO dir/ code to redirect all requests to the tor/ URL.

#27324 Rework AUTHENTICATE cell parsing and remaining generation with trunnel Core Tor/Tor Tor: unspecified enhancement Aug 26, 2018

In channetls.c we have channel_tls_process_authenticate_cell() that uses memcpy et. al. to parse AUTHENTICATE cell. This should be done with machine generated code from trunnel. We also should rely more on trunnel when generating AUTHENTICATE cells. Generation of Type 1 authentication payload is mostly implemented with trunnel already.

#27143 Look for parts of code that relies on non-trunnel code for binary wire format handling Core Tor/Tor Tor: unspecified task Aug 14, 2018

Open a new ticket for each, so that it could be reworked one at a time.

We really should do this for Tor cell handling.

rransom (1 match)

Ticket Summary Component Milestone Type Created
#3459 Expose information about dir conns to controllers Core Tor/Tor Tor: unspecified enhancement Jun 24, 2011

Currently, we do not expose any information about non-tunneled directory connections to controllers. Should we?

saint (1 match)

Ticket Summary Component Milestone Type Created
#9360 increase font size in trac Internal Services/Service - trac defect Jul 31, 2013

Whenever I visit trac I find the fonts hard to read. The file https://trac.torproject.org/tor.css has the following lines inside:

body, th, td {
 font: normal 13px Verdana,Arial,'Bitstream Vera Sans',Helvetica,sans-serif;

So the font-size is set to 13px. I would propose to change it to 1.0em. This sets the font-size to the value the users has set for normal texts. So it should reflect the users choice.

Maybe can also change the font sizes of the headings. The current setting in tor.css is:

h1 { font-size: 19px; margin: .15em 1em 0.5em 0 }
h2 { font-size: 16px }
h3 { font-size: 14px }

In relative terms the settings should be like:

h1 { font-size: 1.5em; margin: .15em 1em 0.5em 0 }
h2 { font-size: 1.2em }
h3 { font-size: 1.1em }

sysrqb (3 matches)

Ticket Summary Component Milestone Type Created
#33948 Setup a new nightly build machine Applications/Tor Browser task Apr 21, 2020

I am currently running nightly builds at http://f4amtbsowhix7rrf.onion/. I think someone else from Tor Browser team should setup a new nightly build machine.

To do that the ansible scripts in directory tools/ansible can be used: https://gitweb.torproject.org/builders/tor-browser-build.git/tree/tools/ansible

You will need to:

  • if the host does not have a public IP address, you can install tor and setup an onion service on the http port (this part is not done in ansible)
  • add a new host in the inventory file
  • configure this host in your ~/.ssh/config file if necessary (if the hostname added to the inventory file is not a real hostname), and make sure that you can connect to the host with ssh root@$hostname
  • copy the file boklm-tbb-nightly-build.yml to an other name
  • copy the directory group_vars/boklm-tbb-nightly to another group name, and update the configuration in tbb-nightly-build.yml
  • configure email on the host. This can be done in ansible with the file dma.yml. The email password (if needed) is stored encrypted in dma-auth.yml in the directory vaulted_vars (see https://docs.ansible.com/ansible/latest/cli/ansible-vault.html), and the password to decrypt the vault is passed with the --vault-password-file argument in the Makefile (maybe it's also possible to store dma-auth.yml outside tor-browser-build.git without using vault). Alternatively you can configure email on the host without using ansible, by removing the mta role from the *-tbb-nightly-build.yml file.
  • in the Makefile add a new *-tbb-nightly-build rule
  • run "make *-tbb-nightly-build"
  • if you enabled nightly_build_sign_build in tbb-nightly-build.yml, connect to the host and become the tbb-nightly user and generate a new gpg key (the key is not created automatically by ansible)

#33803 Generate a second mar signing key for nightly Applications/Tor Browser task Apr 3, 2020

We currently have only one mar signing key accepted by the nightly builds. To plan for rotation of the key, we should generate a second one in advance (offline), and add it as toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der.

#27539 Create plan for releasing on F-Droid Applications/Tor Browser enhancement Sep 7, 2018

Can we create a build script and add the app now? What are the blockers? How difficult will this become after we begin building using tor-browser-build?

The Guardian Project have their own F-Droid repository, do we need our own? If we do, can ours be included in the f-droid app by default (but disabled), too?

wulder (1 match)

Ticket Summary Component Milestone Type Created
#21087 Separate truncated descriptor(s) from next complete descriptor Metrics/CollecTor defect Dec 26, 2016

Hi Karsten, a user reached out to me because Stem's validator warns about a CollecTor tarball. In particular it's surprised by @source annotations in the server descriptors.

Here's the *server-descriptors-2016-09/2/2/228e3ecf654e1b7b4f01a0027e599e7ba14b216c* descriptor from the tarball for an example...

@type server-descriptor 1.0 
router sauronkingofmortor 9001 0 9030
-----BEGIN ED25519 CERT-----
-----END ED25519 CERT-----
master-key-ed25519 7PV1B+84IhXfpoz1sBS1Kb5mvKr3bQoXIKeCulgw51M
platform Tor on Linux
protocols Link 1 2 Circuit 1
published 2016-09-15 09:23:41
fingerprint 2D8A FA91 2E2B 8623 BB2C DACD 1933 2209 D524 D1A3
uptime 860586
bandwidth 12288000 12288000 7792456
extra-info-digest 2017D54A2C28B100CE173351E0799E15153B703B                                          D2vKVNwaxArp6bf11NWPRNoYGQ0lBgIwziSXNkL9TCw
ntor-onion-key-crosscert 0
-----BEGIN ED25519 CERT-----
-----END ED25519 CERT-----
contact luciole <luciolesauronkingofmortor@yopmail.com>
ntor-onion-key lhvzaL7Ze85GFMWMQscMgIt9IOx6srmOiXqD85kOekI=
reject *:@uploaded-at 2016-09-15 09:24:06
@source ""
router torbeornottorbe 9001 0 0
platform Tor on Linux
protocols Link 1 2 Circuit 1
published 2016-09-15 09:24:06
fingerprint C6EE 9826 7F82 962C C2FC 1E9E 2AE5 F317 B2D2 D6F0
uptime 762082
bandwidth 1024000 2048000 106721
extra-info-digest 08D7C6A9FF860F6A5D12FB43BD2051ACC06BCE52
family $5A8B78AB293475D6D55F1CBFA5D2A1CEEB09545B $EAE900D1DB28D56F4535C06F1BAEB92B9E3BFEE6
contact A36F 07B9 285A C895 3E42 69F3 0CCC 0AF6 2FEC DB6E Random Person <nae AT blueyonder dot co   dot uk>
ntor-onion-key 90dT83YmTzH/uojnATf+KOtwJssKGURO/qdu3SR0XgE=
reject *:*

Seems this is two descriptors concatenated together with a @source in the middle? Any hints on where these come from?


yawning (1 match)

Ticket Summary Component Milestone Type Created
#15593 Bring sanity to the tor side of the PT shutdown process. Circumvention/Pluggable transport Tor: unspecified enhancement Apr 5, 2015

This is the final phase of my great PT shutdown process cleanup as a follow up to #15545.

Now that there's a portable mechanism to signal termination to PTs (close the stdin), we should change the PT shutdown process to allow graceful termination to look like this:

  1. Close stdin (and on U*IX, send a SIGTERM, PT behavior here is equivalent).
  2. Wait for a grace period (~1 sec?)
  3. If the child still is not dead, send a SIGKILL/TerminateProcess(). (Failsafe)

This fixes #9330 in that, PTs that wish to trap a graceful shutdown on Windows have a way to do so, despite the final stage of the process killing the PT in the most violent way possible as a failsafe (realistically, PTs should exit shortly after step 1).

Note: See TracReports for help on using and creating reports.