The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2023-10-03T13:28:49Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41911Firefox-Android tor bootstrap connect button css broken2023-10-03T13:28:49ZDan BallardFirefox-Android tor bootstrap connect button css brokenthe text lost its centering
![Screenshot_20230725-120325](/uploads/a74e35270a0d8b4bad31662a44f7e843/Screenshot_20230725-120325.png)the text lost its centering
![Screenshot_20230725-120325](/uploads/a74e35270a0d8b4bad31662a44f7e843/Screenshot_20230725-120325.png)Dan BallardDan Ballardhttps://gitlab.torproject.org/tpo/core/arti/-/issues/984Concrete implementation of onion service state-management code2024-01-09T16:43:50ZNick MathewsonConcrete implementation of onion service state-management codeWe should make sure that we build onion services by default using persistent on-disk storage for their state.
Part of #729. See also #983We should make sure that we build onion services by default using persistent on-disk storage for their state.
Part of #729. See also #983Arti: Onion service supportIan Jacksoniwj@torproject.orgIan Jacksoniwj@torproject.orghttps://gitlab.torproject.org/tpo/core/arti/-/issues/983Abstract version of persistent state for onion services2024-01-09T16:40:10ZNick MathewsonAbstract version of persistent state for onion servicesThis is somewhat underspecified. We'll need a function that lets the api-user of an onion service provide a mechanism for getting and storing the persistent state associated with that onion service, when necessary. This might be as sim...This is somewhat underspecified. We'll need a function that lets the api-user of an onion service provide a mechanism for getting and storing the persistent state associated with that onion service, when necessary. This might be as simple as providing an `impl StateMgr` or (more likely) an `impl StateHandle<HsState>`.
There may or may not be need to integrate with the keymgr code, depending on how hard or easy we think key export should be.
Part of #729.Arti: Onion service supportIan Jacksoniwj@torproject.orgIan Jacksoniwj@torproject.orghttps://gitlab.torproject.org/tpo/core/arti/-/issues/977Implement hsdir publisher2023-08-25T18:01:05ZNick MathewsonImplement hsdir publisherWe'll need a piece of code to encode and upload a new onion service descriptor as appropriate.
Part of #697.We'll need a piece of code to encode and upload a new onion service descriptor as appropriate.
Part of #697.gabi-250gabi-250https://gitlab.torproject.org/tpo/core/arti/-/issues/967Make introduction points part of an onion service's persistent state2023-12-04T19:24:05ZNick MathewsonMake introduction points part of an onion service's persistent stateIn !1429, @diziet came up with a system that is in many ways better than C tor's approach. Instead of forgetting our intro points on each restart, we'd save them as persistent data.
We are not planning to do this as part of our first i...In !1429, @diziet came up with a system that is in many ways better than C tor's approach. Instead of forgetting our intro points on each restart, we'd save them as persistent data.
We are not planning to do this as part of our first implementation phase, but it might improve reliability. We should see if the ~"Onion Services Coalition" is interested.Arti: Onion service supportIan Jacksoniwj@torproject.orgIan Jacksoniwj@torproject.orghttps://gitlab.torproject.org/tpo/core/arti/-/issues/966hsclient descriptor download due to IPT nacks2023-11-14T16:43:40ZIan Jacksoniwj@torproject.orghsclient descriptor download due to IPT nacksAs per https://gitlab.torproject.org/tpo/core/arti/-/issues/913#note_2914467, Arti's current HS client behaviour wrt the service descriptor is:
> Ie if it's not expired we assume it's still good to use, even if we are making repeated at...As per https://gitlab.torproject.org/tpo/core/arti/-/issues/913#note_2914467, Arti's current HS client behaviour wrt the service descriptor is:
> Ie if it's not expired we assume it's still good to use, even if we are making repeated attempts to connect to the HS - with that descriptor - and they're all failing.
I am informed on IRC that the confirmation there, that this is correct behaviour, was due to a misunderstanding. This behaviour is in fact wrong.
If Arti gets NACKs from the IPTs, it needs to re-download the descriptor. (The service may have been restarted and our descriptor may therefore be out of date.)
In more detail:
* At some threshold of NACKs from IPTs, Arti should re-download the descriptor.
* If it manages to obtain a different descriptor it should try the IPTs in the new descriptor instead.
* "different" and "new" is according to the revision counter in the descriptor.
It's not clear precisely how hard Arti should try to obtain a different descriptor. After all, the service may not have managed to update all the hsdirs. So maybe Arti should try several.
Details of the correct retry algorithm aren't clear. Ideally the overall system would have the following properties:
* Restarting an HS service can be done without generating a persistent loss of availability on clients
* Faulty hsdirs don't cause loss of availability provided there are enough working hsdirs
* Trouble from faulty relays or "bad weather" isn't "magnified" by the hsdir/descriptor system
*This* ticket represents the required changes to Arti's client behaviour. There are also implications for the work-in-progress server-side work, eg !1429
CC @nickm @dgouletArti: Feature parity with the C implementationIan Jacksoniwj@torproject.orgIan Jacksoniwj@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41279Enable s3 storage for runners2023-09-25T15:03:43Zmicahmicah@torproject.orgEnable s3 storage for runnersNow that [minio s3 storage is setup](https://gitlab.torproject.org/tpo/tpa/team/-/issues/41257) it would probably be worth setting up the runner cache to use the s3 storage, which will make the cache available to all runners.
Its a fair...Now that [minio s3 storage is setup](https://gitlab.torproject.org/tpo/tpa/team/-/issues/41257) it would probably be worth setting up the runner cache to use the s3 storage, which will make the cache available to all runners.
Its a fairly simple change to the runner's `config.toml`, something like the following works:
```
[[runners]]
name = "xxx"
output_limit = 10240
url = "https://xxx"
id = 0
token = "xxx"
token_obtained_at = 0001-01-01T00:00:00Z
token_expires_at = 0001-01-01T00:00:00Z
executor = "docker"
pre_clone_script = "umask 022"
pre_get_sources_script = "umask 022"
[runners.cache]
Type = "s3"
Shared = true
MaxUploadedArchiveSize = 0
[runners.cache.s3]
ServerAddress = "objects.torproject.org"
AccessKey = "gitlab"
SecretKey = "xxx"
BucketName = "gitlab-runner"
BucketLocation = "seattle"
[runners.docker]
tls_verify = false
image = "docker:stable"
privileged = true
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/certs/client", "/cache", "/run/docker.sock:/run/docker.sock"]
shm_size = 0
```Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/core/torspec/-/issues/212Merge finished proposals2023-08-24T18:34:18ZNick MathewsonMerge finished proposalsThe following proposals are marked FINISHED, meaning that they have been built, but not merged into the main specs. We should finish them.
* [`260-rend-single-onion.txt`](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/prop...The following proposals are marked FINISHED, meaning that they have been built, but not merged into the main specs. We should finish them.
* [`260-rend-single-onion.txt`](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/260-rend-single-onion.txt): Rendezvous Single Onion Services (Finished)
* [`332-ntor-v3-with-extra-data.md`](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/332-ntor-v3-with-extra-data.md): Ntor protocol with extra data, version 3. (Finished) See !163.
* [`333-vanguards-lite.md`](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/333-vanguards-lite.md): Vanguards lite (Finished)
@mikeperry @dgoulet I can do 332. If you want to merge 360 and 333 that would be great, but if not it would be cool if you could spare the time to look them over to see whether they are accurate and need any changes to describe what Tor actually does. Once that is done, I can merge them if you don't have time.Nick MathewsonNick Mathewsonhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40906Add a var/essential_deps variable2023-07-26T15:08:09ZPier Angelo VendrameAdd a var/essential_deps variableAfter the Bullseye update, we don't have `less` in our Linux containers anymore.
We've added it to common dependencies, but it still isn't installed in projects like Firefox, in which we rewrite all the packages there.
Maybe we could h...After the Bullseye update, we don't have `less` in our Linux containers anymore.
We've added it to common dependencies, but it still isn't installed in projects like Firefox, in which we rewrite all the packages there.
Maybe we could have a set of essential packages, that we always include (and projects should never override).boklmboklmhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/412782FA physical key setup on forum.torproject.org2023-07-31T22:17:49ZThorin2FA physical key setup on forum.torproject.orgin setting up 2FA with my yubikey, it is not clear to me what to put for the registered name or how important this piece of info is ... the default placeholder is `user.second_factor.security_key.default_name`
![whatname](/uploads/4822...in setting up 2FA with my yubikey, it is not clear to me what to put for the registered name or how important this piece of info is ... the default placeholder is `user.second_factor.security_key.default_name`
![whatname](/uploads/4822cbc89f694e032374d7eb2d123a4d/whatname.png)Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/25Implement Open-Invitation Distribution2023-08-21T15:15:42ZonyinyangImplement Open-Invitation DistributionLox should decide how to distribute open invitations. We have proposed handing out open invitations until they have been distributed to k(10) users and then moving on to another invitation. We likely will also need to decide an upper bou...Lox should decide how to distribute open invitations. We have proposed handing out open invitations until they have been distributed to k(10) users and then moving on to another invitation. We likely will also need to decide an upper bound of buckets that can be distributed each day so that we don't run out of open invitation buckets.
These are probably good enough for alpha and we should try to get metrics around how quickly we get to this k number of users each day as well as other things that can help us to refine this process.onyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/24Implement Metrics Reporting for Lox2023-10-31T21:19:34ZonyinyangImplement Metrics Reporting for LoxFrom the [Lox Roadmap](https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/wikis/Lox-Roadmap) we want to include strategic reporting of metrics in our Lox deployment so that we are able to determine the effectiveness of Lox. The m...From the [Lox Roadmap](https://gitlab.torproject.org/tpo/anti-censorship/lox-rs/-/wikis/Lox-Roadmap) we want to include strategic reporting of metrics in our Lox deployment so that we are able to determine the effectiveness of Lox. The minimum metrics to measure are the following:
- [x] Prometheus metrics for counts of how often each library function is called from distributor
- [ ] How many bridges are in each rank
- [ ] Blockages from deployed bridgestrap instance
- [x] Remaining capacity (or if/when we run out of bridges to hand out to open inv)
Discussion, development of these and additional metrics to include in the initial deployment will be tracked in this issue.onyinyangonyinyanghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41276give pavel access to limesurvey2023-10-25T21:49:39ZGabagaba@torproject.orggive pavel access to limesurvey@pavel will need access to the limesurvey instance to create surveys for project 144. Please give him access.@pavel will need access to the limesurvey instance to create surveys for project 144. Please give him access.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40905Go vendor archives ignore the nightly version override on testbuilds2023-08-07T20:57:17ZPier Angelo VendrameGo vendor archives ignore the nightly version override on testbuildsI'm building a testbuild based on nightly, and I got this error:
```
Tag lyrebird-0.1.0 is signed with key 07948FFA64160A425BCD27EAC732B1D1C28F4E2F
Created /home/pierov/buildstuff/tor-browser-build/tmp/rbm-qAFmLF/rbm-JZemR/lyrebird-0.1....I'm building a testbuild based on nightly, and I got this error:
```
Tag lyrebird-0.1.0 is signed with key 07948FFA64160A425BCD27EAC732B1D1C28F4E2F
Created /home/pierov/buildstuff/tor-browser-build/tmp/rbm-qAFmLF/rbm-JZemR/lyrebird-0.1.0.tar.gz
Build log: /home/pierov/buildstuff/tor-browser-build/logs/lyrebird-linux-x86_64.log
Finished build of project lyrebird - lyrebird-vendor-0.1.0-fdedf3.tar.gz
Error: Wrong sha256sum for /home/pierov/buildstuff/tor-browser-build/out/lyrebird/go_vendor/lyrebird-vendor-0.1.0-fdedf3.tar.gz.
Expected sha256sum: 8e9a5fd52f5a3a2b2b891389a224fcfc83b6c081658161bf40882b23fb58834c
```
But the sha256 is exactly the one for `lyrebird-vendor-a4e3be7815ec-916bbf.tar.gz` I got by running `make go_vendor-lyrebird-nightly`!
So, I looked again at the filenames, and it seems that we're trying to use the version from alpha builds instead of the git abbreviated hash for some reason.boklmboklmhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41275give juga access to onbasca user in polyanthium2023-07-24T19:17:37Zmeskiomeskio@torproject.orggive juga access to onbasca user in polyanthium@juga is debuging the onbasca service and will be great if they can have access to work with the service directly.
I'm not sure if openpgp signes is needed, but here you go:
```plaintext
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
...@juga is debuging the onbasca service and will be great if they can have access to work with the service directly.
I'm not sure if openpgp signes is needed, but here you go:
```plaintext
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Juga should have access to the onbasca user in polyanthium
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEs7M6f/ZpXzXMAQR+Urj1rJei2oYFAmS+nHQACgkQUrj1rJei
2obr4BAAgM92nRV2nP9Ja7/jWRq+fdZo3l00c2Prso4bhiNHMNjP3Gbae/fO65ky
ZcsDvmM34ZLdQtUKVi1vt0uoYC1TFnSGkbMg6MzoejFjA0uzidLj8kfB4XI6YZcG
CAzieGXYUxsoouf4cyt77pNtkGwBgYRXoKT8uJysPfeGSa7QxJfMZEZa3M7SUgOP
96tMildCPoHoYi+BMZjFUjsWhUkpHEfAilKl6vwzs3PjsLiv0Tgx/JDiRbB+L1Bd
V1uWYEBV3+yqxDvIltZaV5dqVgiJ2HBmE1+ecJlBvmrhUb07Ddyn911Zkys/PLhH
26Y+crM35OjyI5EdSk2V1b2ri68Yx3vcHH0Bas5crC6zItzmJVYyUwaJQDvoL1mT
ppx3FHBtRn5AjBbXHBElFLidnpqOWPICEKiXDM1nvoHmtcvJKIhvreY+Rm0Li6pP
p57ncwJu22e5LsVmbJcls51p8TFR7yIpd69qSycisfakL4CRm7FM+0wJBRRR7OjD
CinhywlpB/hDg8KXjlZ7OHrV1Y/wjBT5GAHoIrz4fmECiGtYedOjYZGrKfQI27UK
Sv7T0K9ADKK+FKoNN8fQU/elV+xxXeveGty13fjtUGdFpTOv+zNodRynxxPgvPWy
ocAJgX8SP9LiXmkhsar7icsiUHgyCezyJefmyyuAuqlSLTHdlh4=
=2FOd
-----END PGP SIGNATURE----
```Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/team/-/issues/195Get hiring process going for PM role2023-10-10T15:39:17ZGabagaba@torproject.orgGet hiring process going for PM roleGabagaba@torproject.orgGabagaba@torproject.orghttps://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/40096Relay Search lists exit address despite it being the same as OR address2023-09-07T14:42:24ZcypherpunksRelay Search lists exit address despite it being the same as OR addresswhile claiming
>Only lists addresses that are different from the OR addresses.
Examples:
https://metrics.torproject.org/rs.html#details/CBF59EC5B9FD108092AE9149EFDAE41F882DA669
https://metrics.torproject.org/rs.html#details/A0B5B5906EB...while claiming
>Only lists addresses that are different from the OR addresses.
Examples:
https://metrics.torproject.org/rs.html#details/CBF59EC5B9FD108092AE9149EFDAE41F882DA669
https://metrics.torproject.org/rs.html#details/A0B5B5906EB13F213D7CA9AFEC91934BE3A5930FGeorg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/network-health/metrics/relay-search/-/issues/40021Relay Search lists exit address despite it being the same as OR address2023-08-25T07:39:59ZcypherpunksRelay Search lists exit address despite it being the same as OR addresswhile claiming
>Only lists addresses that are different from the OR addresses.
Examples:
https://metrics.torproject.org/rs.html#details/CBF59EC5B9FD108092AE9149EFDAE41F882DA669
https://metrics.torproject.org/rs.html#details/A0B5B5906EB...while claiming
>Only lists addresses that are different from the OR addresses.
Examples:
https://metrics.torproject.org/rs.html#details/CBF59EC5B9FD108092AE9149EFDAE41F882DA669
https://metrics.torproject.org/rs.html#details/A0B5B5906EB13F213D7CA9AFEC91934BE3A5930FGeorg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/network-health/margot/-/issues/38Replace StructOpt by Clap and improve documentation2023-08-09T16:22:33ZjugaReplace StructOpt by Clap and improve documentationIt would remove some verbosity documenting commands and arguments.It would remove some verbosity documenting commands and arguments.jugajugahttps://gitlab.torproject.org/tpo/network-health/margot/-/issues/37Refactor code2023-08-09T16:22:19ZjugaRefactor codeThis would help with #21, #34, team#27, creating/modifying filters and subcommands. It could also help identify almost identical code for some subcommands.
Most of it would consist on just rename structs, enums and variables. For exampl...This would help with #21, #34, team#27, creating/modifying filters and subcommands. It could also help identify almost identical code for some subcommands.
Most of it would consist on just rename structs, enums and variables. For example filter is used extensively and can be confused with rust `filter` method.
It'd also consists on moving parts of code to different files, for example, the definition of traits used by all the structs.jugajuga