Opened 18 months ago

Closed 5 months ago

Last modified 5 months ago

#30318 closed enhancement (fixed)

Integrate snowflake into mobile Tor Browser alpha

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile, TorBrowserTeam202005R, tbb-10.0a1
Cc: cohosh Actual Points:
Parent ID: #19001 Points:
Reviewer: Sponsor: Sponsor28-must

Description

#28672 is dealing with reproducibly building snowflake. This ticket is for all the build-unrelated changes we need to make so that users can actually select snowflake in their mobile Tor Browser alpha and have it working there.

Child Tickets

TicketTypeStatusOwnerSummary
#28672projectclosedcohoshAndroid reproducible build of Snowflake

Attachments (1)

0001-Bug-30318-Add-snowflake-support.patch (3.9 KB) - added by gk 6 months ago.

Download all attachments as: .zip

Change History (10)

comment:1 Changed 9 months ago by gaba

Sponsor: Sponsor28-must

comment:2 Changed 6 months ago by gk

bug_30318 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_30318&id=4516c5951e84d5e6f432056ef278c1e2486b2f9b) has an untested patch for the browser parts. I plan to write the other ones and test those over the weekened. Shouldn't be too hard (famous last words).

comment:3 in reply to:  2 ; Changed 6 months ago by gk

Cc: cohosh added
Keywords: TorBrowserTeam202005R added
Status: newneeds_review

Replying to gk:

bug_30318 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_30318&id=4516c5951e84d5e6f432056ef278c1e2486b2f9b) has an untested patch for the browser parts. I plan to write the other ones and test those over the weekened. Shouldn't be too hard (famous last words).

That patch is still good to go, I think. The other patches are:

1) for tor-andrdoid-service (https://gitweb.torproject.org/user/gk/tor-android-service.git/commit/?h=bug_30318&id=ecc251d0a73f7e2034a271efd28036a0108b8688)

2) for tor-onion-proxy-library see attachment.

Testing is a bit tricky right now, as #28672 is not merged/ready yet. I uploaded a test build for armv7 so others can check whether the result works for them:

https://people.torproject.org/~gk/testbuilds/tor-browser-testbuild-android-armv7-multi-qa-30318.apk
https://people.torproject.org/~gk/testbuilds/tor-browser-testbuild-android-armv7-multi-qa-30318.apk.asc

It works for me at least most of the time, I think. snowflake can get selected like the other built-in bridges in the UI. Sometimes, though, I get the following error, which makes my browser with snowflake stuck:

- NOTICE: Bootstrapped 1% (conn_pt): Connecting to pluggable transport
- NOTICE: Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
- NOTICE: Bootstrapped 10% (conn_done): Connected to a relay
- NOTICE: Bootstrapped 14% (handshake): Handshaking with a relay
- NOTICE: Bootstrapped 15% (handshake_done): Handshake with a relay done
- NOTICE: Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
- NOTICE: Bootstrapped 25% (requesting_status): Asking for networkstatus consensus  - Circuit (1) BUILT: 2B280B23E1107BB62ABFC40DDCC8824814F80A72
- NOTICE: new bridge descriptor 'flakey' (fresh): $2B280B23E1107BB62ABFC40DDCC8824814F80A72~flakey at 0.0.3.0
- NOTICE: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
- NOTICE: Bootstrapped 76% (ap_conn_pt): Connecting to pluggable transport to build circuits
- NOTICE: Bootstrapped 77% (ap_conn_done_pt): Connected to pluggable transport to build circuits
- Circuit (1) CLOSED: flakey
- NOTICE: Bootstrapped 85% (ap_conn_done): Connected to a relay to build circuits
- WARN: Problem bootstrapping. Stuck at 85% (ap_conn_done): Connected to a relay to build circuits. (DONE; DONE; count 1; recommendation warn; host 2B280B23E1107BB62ABFC40DDCC8824814F80A72 at 0.0.3.0:1)
- WARN: 1 connections have failed:
- WARN:  1 connections died in state handshaking (TLS) with SSL state SSLv3/TLS write client hello in HANDSHAKE
- NOTICE: Delaying directory fetches: No running bridges

I don't have good repro steps but I've never seen such a problem with other pluggable transports. Sometimes when I don't get

- Circuit (1) CLOSED: flakey

I still get the TLS handshaking issue as above but the bootstrapping succeeds and I can use Tor Browser. So, it might not actually be a snowflake bug but something else. Hard to say.

comment:4 Changed 6 months ago by cypherpunks

good job

Last edited 6 months ago by cypherpunks (previous) (diff)

comment:5 in reply to:  3 ; Changed 6 months ago by cohosh

Replying to gk:

I don't have good repro steps but I've never seen such a problem with other pluggable transports. Sometimes when I don't get

- Circuit (1) CLOSED: flakey

I still get the TLS handshaking issue as above but the bootstrapping succeeds and I can use Tor Browser. So, it might not actually be a snowflake bug but something else. Hard to say.

Awesome, thanks GeKo! We should be testing this with #34043. I can build with these patches on top of that or wait until we merge it to test this.

comment:6 in reply to:  5 Changed 6 months ago by gk

Replying to cohosh:

Replying to gk:

I don't have good repro steps but I've never seen such a problem with other pluggable transports. Sometimes when I don't get

- Circuit (1) CLOSED: flakey

I still get the TLS handshaking issue as above but the bootstrapping succeeds and I can use Tor Browser. So, it might not actually be a snowflake bug but something else. Hard to say.

Awesome, thanks GeKo! We should be testing this with #34043. I can build with these patches on top of that or wait until we merge it to test this.

Alright, here is a bundle that includes the code for #34043:

https://people.torproject.org/~gk/testbuilds/tor-browser-testbuild-android-armv7-multi-qa-30318-34043.apk
https://people.torproject.org/~gk/testbuilds/tor-browser-testbuild-android-armv7-multi-qa-30318-34043.apk.asc

I have not hit the issue in comment:3 after a bit of testing which is promising as I did not have a problem encountering it with my previous test build.

The branch for building I used was https://gitweb.torproject.org/user/gk/tor-browser-build.git/log/?h=bug_30318.

comment:7 Changed 5 months ago by cohosh

I started using this build as my default browser on mobile. So far, I've noticed the following:

  • It works great when I'm on wifi. I can browse to sites pretty quickly, and continues to work when I leave and come back later :)
  • I still haven't gotten it to work on my cell provider's data network and am getting the following error messages:
    - Starting Tor client… complete.
    - NOTICE: Bootstrapped 1% (conn_pt): Connecting to pluggable transport 
    - NOTICE: Bootstrapped 2% (conn_done_pt): Connected to pluggable transport 
    - NOTICE: Bootstrapped 10% (conn_done): Connected to a relay 
    - NOTICE: Unknown line received by managed proxy (ice ERROR: 2020/05/29 17:00:19 error processing checkCandidatesTimeout handler the agent is closed).
    - NOTICE: Delaying directory fetches: No running bridges 
    - TorService is shutting down
    

This has happened every time I've tried to connect on data so far, and the ice Error bit makes me think it's not just the NAT problem from #33666. I wonder whether UDP/STUN/P2P traffic is disabled on data connections by default?

comment:8 in reply to:  3 Changed 5 months ago by sysrqb

Keywords: tbb-10.0a1 added
Resolution: fixed
Status: needs_reviewclosed

Nice work everyone, thanks!

Replying to gk:

Replying to gk:

bug_30318 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_30318&id=4516c5951e84d5e6f432056ef278c1e2486b2f9b) has an untested patch for the browser parts. I plan to write the other ones and test those over the weekened. Shouldn't be too hard (famous last words).

That patch is still good to go, I think.

You're becoming an Android developer :)

I rebased this patch and merged it as commit 002d35ffa55518c5517c2be746da2678a70da47a on tor-browser-68.9.0esr-10.0-1.

The other patches are:

1) for tor-andrdoid-service (https://gitweb.torproject.org/user/gk/tor-android-service.git/commit/?h=bug_30318&id=ecc251d0a73f7e2034a271efd28036a0108b8688)

I merged this patch directly (same commit hash).

2) for tor-onion-proxy-library see attachment.

I included this patch in commit 4d57755506496d02107e4dc2adf38252032df383 on master.

comment:9 Changed 5 months ago by boklm

I don't know if it is related to this patch, but the next nightly build after it was merged was stuck while building tor-onion-proxy-library for android-armv7.

The process that was stuck is:

java -Dorg.gradle.appname=gradle -classpath /var/tmp/dist/android-toolchain/gradle/gradle-4.10.2/lib/gradle-launcher-4.10.2.jar org.gradle.launcher.GradleMain --offline --no-daemon -P androidplugin=3.1.0 -Dmaven.repo.local=/var/tmp/tmp.wrhYrP5WDj/gradle-dependencies-3 assembleRelease -x lint

And tor-onion-proxy-library-android-armv7.log contains this:

Exception in thread "queued-resource-processor_1" java.lang.RuntimeException: Timed out while waiting for slave aapt process, make sure the aapt execute at /var/tmp/dist/android-toolchain/android-sdk-linux/build-tools/27.0.3/aapt2 can run successfully (some anti-virus may block it) or try setting environment variable SLAVE_AAPT_TIMEOUT to a value bigger than 5 seconds
	at com.android.builder.png.AaptProcess.waitForReadyOrFail(AaptProcess.java:178)
	at com.android.builder.internal.aapt.AaptQueueThreadContext.creation(AaptQueueThreadContext.java:56)
	at com.android.builder.tasks.WorkQueue.run(WorkQueue.java:250)
	at java.base/java.lang.Thread.run(Thread.java:834)
Exception in thread "queued-resource-processor_2" java.lang.RuntimeException: Timed out while waiting for slave aapt process, make sure the aapt execute at /var/tmp/dist/android-toolchain/android-sdk-linux/build-tools/27.0.3/aapt2 can run successfully (some anti-virus may block it) or try setting environment variable SLAVE_AAPT_TIMEOUT to a value bigger than 5 seconds
	at com.android.builder.png.AaptProcess.waitForReadyOrFail(AaptProcess.java:178)
	at com.android.builder.internal.aapt.AaptQueueThreadContext.creation(AaptQueueThreadContext.java:56)
	at com.android.builder.tasks.WorkQueue.run(WorkQueue.java:250)
	at java.base/java.lang.Thread.run(Thread.java:834)
Exception in thread "queued-resource-processor_3" java.lang.RuntimeException: Timed out while waiting for slave aapt process, make sure the aapt execute at /var/tmp/dist/android-toolchain/android-sdk-linux/build-tools/27.0.3/aapt2 can run successfully (some anti-virus may block it) or try setting environment variable SLAVE_AAPT_TIMEOUT to a value bigger than 5 seconds
	at com.android.builder.png.AaptProcess.waitForReadyOrFail(AaptProcess.java:178)
	at com.android.builder.internal.aapt.AaptQueueThreadContext.creation(AaptQueueThreadContext.java:56)
	at com.android.builder.tasks.WorkQueue.run(WorkQueue.java:250)
	at java.base/java.lang.Thread.run(Thread.java:834)
Exception in thread "queued-resource-processor_4" java.lang.RuntimeException: Timed out while waiting for slave aapt process, make sure the aapt execute at /var/tmp/dist/android-toolchain/android-sdk-linux/build-tools/27.0.3/aapt2 can run successfully (some anti-virus may block it) or try setting environment variable SLAVE_AAPT_TIMEOUT to a value bigger than 5 seconds
	at com.android.builder.png.AaptProcess.waitForReadyOrFail(AaptProcess.java:178)
	at com.android.builder.internal.aapt.AaptQueueThreadContext.creation(AaptQueueThreadContext.java:56)
	at com.android.builder.tasks.WorkQueue.run(WorkQueue.java:250)
	at java.base/java.lang.Thread.run(Thread.java:834)
Exception in thread "queued-resource-processor_6" java.lang.RuntimeException: Timed out while waiting for slave aapt process, make sure the aapt execute at /var/tmp/dist/android-toolchain/android-sdk-linux/build-tools/27.0.3/aapt2 can run successfully (some anti-virus may block it) or try setting environment variable SLAVE_AAPT_TIMEOUT to a value bigger than 5 seconds
	at com.android.builder.png.AaptProcess.waitForReadyOrFail(AaptProcess.java:178)
	at com.android.builder.internal.aapt.AaptQueueThreadContext.creation(AaptQueueThreadContext.java:56)
	at com.android.builder.tasks.WorkQueue.run(WorkQueue.java:250)
	at java.base/java.lang.Thread.run(Thread.java:834)
Exception in thread "queued-resource-processor_5" java.lang.RuntimeException: Timed out while waiting for slave aapt process, make sure the aapt execute at /var/tmp/dist/android-toolchain/android-sdk-linux/build-tools/27.0.3/aapt2 can run successfully (some anti-virus may block it) or try setting environment variable SLAVE_AAPT_TIMEOUT to a value bigger than 5 seconds
	at com.android.builder.png.AaptProcess.waitForReadyOrFail(AaptProcess.java:178)
	at com.android.builder.internal.aapt.AaptQueueThreadContext.creation(AaptQueueThreadContext.java:56)
	at com.android.builder.tasks.WorkQueue.run(WorkQueue.java:250)
	at java.base/java.lang.Thread.run(Thread.java:834)
> Task :android:platformAttrExtractor
> Task :android:verifyReleaseResources

I don't know yet if the build works for others android architectures.

Note: See TracTickets for help on using tickets.