The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2023-02-07T14:52:40Zhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41056DNS txt record for maven central authentication2023-02-07T14:52:40Zmicahmicah@torproject.orgDNS txt record for maven central authenticationHello fine admins,
As part of making a nice integrated developer experience for mobile development with arti (eg. onionmasq, torvpn, the guardian arti integration work), the Tor Project needs to have a Maven Central account. Maven Centr...Hello fine admins,
As part of making a nice integrated developer experience for mobile development with arti (eg. onionmasq, torvpn, the guardian arti integration work), the Tor Project needs to have a Maven Central account. Maven Central is library and artifact repository that is used for everything that is Android and Java.
In order to get control of the `org.torproject` namespace there, we need to authenticate ourselves by [inserting into DNS a TXT record](https://central.sonatype.org/faq/how-to-set-txt-record/#check-txt-record) that Maven Central will check to validate ownership.
The TXT record is temporary, once its validated, we can take it out, the record value should be `OSSRH-88490` which is how their documentation indicates that this text record is the same as [the JIRA ticket number for the request](https://issues.sonatype.org/browse/OSSRH-88490)anarcatanarcathttps://gitlab.torproject.org/tpo/team/-/issues/133prepare retrospective pad for last 2 proposals sent for funding2023-01-31T22:00:26ZGabagaba@torproject.orgprepare retrospective pad for last 2 proposals sent for fundinghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41046Deploy the bridge scanner2023-03-10T08:15:28ZjugaDeploy the bridge scannerWe need to deploy [onbasca](https://gitlab.torproject.org/tpo/network-health/onbasca), a bridge scanner that communicates with rdsys via Web and might replace bridgestrap in the future (https://gitlab.torproject.org/tpo/anti-censorship/r...We need to deploy [onbasca](https://gitlab.torproject.org/tpo/network-health/onbasca), a bridge scanner that communicates with rdsys via Web and might replace bridgestrap in the future (https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/150). It needs python, other python packages and postgres.
If deployed in a different vm as polyanthum, we might need to create a tunnel because atm there's no any authentication mechanism.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.org2023-02-15https://gitlab.torproject.org/tpo/tpa/team/-/issues/41045Create mail onion at torproject.org2023-03-05T15:29:38ZGabagaba@torproject.orgCreate mail onion at torproject.orgWe need a mail onion at torproject dot org that sends the emails to @rhatto and @raya. It could be an alias or an RT queue. They are going to get external requests there and we may have other people in the future attending them. I'm lean...We need a mail onion at torproject dot org that sends the emails to @rhatto and @raya. It could be an alias or an RT queue. They are going to get external requests there and we may have other people in the future attending them. I'm leaning toward having this in RT instead of an alias.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41043remove the chi-node-14-verylarge runner from the shared pool2023-01-31T18:18:01Zanarcatremove the chi-node-14-verylarge runner from the shared poolwe've had multiple cases of users abusing our runners (e.g. https://gitlab.torproject.org/tpo/tpa/team/-/issues/41032) which wouldn't be *that* bad if it wasn't blocking production for our users. i was under the impression that a single ...we've had multiple cases of users abusing our runners (e.g. https://gitlab.torproject.org/tpo/tpa/team/-/issues/41032) which wouldn't be *that* bad if it wasn't blocking production for our users. i was under the impression that a single job wasn't supposed to block the runner, which is why it was acceptable to have it in the shared pool, but because this is blocking urgent production work for @mikeperry and others, we should, as a stopgap, remove it from the shared pool.
/cc @lavamind @ahfJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.org2023-01-31https://gitlab.torproject.org/tpo/tpa/team/-/issues/41042monitor individual gitlab runners2023-08-18T02:56:38Zanarcatmonitor individual gitlab runnersthe only monitoring we have of GitLab CI right now is how many jobs are pending or running, it's useful but not enough.
i believe the runners themselves provide more information through a prometheus exporter. see how that works and try ...the only monitoring we have of GitLab CI right now is how many jobs are pending or running, it's useful but not enough.
i believe the runners themselves provide more information through a prometheus exporter. see how that works and try to tap into that, to answer questions like:
* https://gitlab.torproject.org/tpo/tpa/team/-/issues/41032#note_2872402: "In the meantime, how can i check the status of `chi-node-14-verylarge`? I have another job waiting for 20 hours on it right now."
* "what is the average wait time on runners"
* etc? what else?anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41039check.tpo times out, and sometimes bridges.tpo too2023-03-21T21:28:20ZHirocheck.tpo times out, and sometimes bridges.tpo tooPeople are noticing check.tpo is timing out. I thought this was as service issue and had open a bug for it (https://gitlab.torproject.org/tpo/network-health/metrics/tor-check/-/issues/40011) but I have also noticed a lot of network activ...People are noticing check.tpo is timing out. I thought this was as service issue and had open a bug for it (https://gitlab.torproject.org/tpo/network-health/metrics/tor-check/-/issues/40011) but I have also noticed a lot of network activity for the machine (https://grafana1.torproject.org/d/xfpJB9FGz/1-node-exporter-for-prometheus-dashboard-en-v20201010?orgId=1&var-origin_prometheus=&var-job=node&var-hostname=All&var-node=check-01.torproject.org:9100&var-device=All&var-interval=2m&var-maxmount=%2Fsrv&var-show_hostname=check-01&var-total=94) could it be that check is getting a lot of requests?anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41038Please add beth@ to network-team@2023-01-23T21:09:10ZAlexander Færøyahf@torproject.orgPlease add beth@ to network-team@Please add beth@ to the network-team@ email alias so she can get updates on team stuff.Please add beth@ to the network-team@ email alias so she can get updates on team stuff.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41036needrestart configuration clobbers sane exclude list2023-01-23T19:09:39Zanarcatneedrestart configuration clobbers sane exclude listAt home I use the same needrestart Puppet profile as we do here. Recently, I noticed that needrestart was rather aggressively killing my user sessions and, after tracking it down, I isolated the issue to needrestart. It would restart pro...At home I use the same needrestart Puppet profile as we do here. Recently, I noticed that needrestart was rather aggressively killing my user sessions and, after tracking it down, I isolated the issue to needrestart. It would restart processes that should normally be skipped like `gdm3`, `dbus`, and even `unattended-upgrades` itself, arghl.
I deployed this fix at home to work around the issue: //gitlab.com/anarcat/puppet/-/commit/2c48079c16cd700783f2d0394a8b3ad249c6a250
... and reported that as a bug in the puppet module as well:
https://github.com/xneelo/hetzner-needrestart/issues/24
I was about to just deploy this patch everywhere, but figured it might be safer to test it at home a little longer first, and to do a progressive deployment.
Changes live in the `needrestart-safe` branch in the tor-puppet.git repository.anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41034Deploy tor-weather on weather-012023-03-21T18:37:30ZKezDeploy tor-weather on weather-01with <https://gitlab.torproject.org/tpo/network-health/tor-weather/-/merge_requests/33> is merged, i've got the documentation needed to deploy tor-weather on the weather-01 machinewith <https://gitlab.torproject.org/tpo/network-health/tor-weather/-/merge_requests/33> is merged, i've got the documentation needed to deploy tor-weather on the weather-01 machinehttps://gitlab.torproject.org/tpo/team/-/issues/130Complete documents for NCE for sponsor 962023-04-03T19:09:59ZGabagaba@torproject.orgComplete documents for NCE for sponsor 96Template and documents are in nextcloud.Template and documents are in nextcloud.Gabagaba@torproject.orgGabagaba@torproject.org2023-04-03https://gitlab.torproject.org/tpo/tpa/team/-/issues/41029look at fsn-node-05 spurious reboots2023-01-25T17:50:26Zanarcatlook at fsn-node-05 spurious rebootsJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/team/-/issues/128Apply to gsoc 20232023-02-01T23:31:35ZGabagaba@torproject.orgApply to gsoc 2023- [x] Request for projects in tor-internal.
- [x] Update https://gitlab.torproject.org/tpo/team/-/wikis/gsoc
- [x] Apply to gsoc- [x] Request for projects in tor-internal.
- [x] Update https://gitlab.torproject.org/tpo/team/-/wikis/gsoc
- [x] Apply to gsoc2023-02-02https://gitlab.torproject.org/tpo/team/-/issues/127January report for s1392023-01-30T22:25:48ZGabagaba@torproject.orgJanuary report for s1392023-01-31https://gitlab.torproject.org/tpo/team/-/issues/124Information about licenses2023-01-12T20:21:49ZkngrhInformation about licensesI have searched the website after information about licenses for using, redistributing etc. content and software is possible.
Unfortunately I have not found anything.
Right now I would like to use the following picture: https://gitlab.to...I have searched the website after information about licenses for using, redistributing etc. content and software is possible.
Unfortunately I have not found anything.
Right now I would like to use the following picture: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/uploads/8716c3ba1226bd90009268a777ed2ccb/snowflake-diagram.png
in an wiki article about snowflake.
Is it allowed, which credentials need to be fullfilled.
In generell it would be very helpful, if the top landing site: https://gitlab.torproject.org/tpo/team where you are redirected from https://gitlab.torproject.org/, would contain a section with all needed license information about Tor.Gabagaba@torproject.orgGabagaba@torproject.orghttps://gitlab.torproject.org/tpo/team/-/issues/123help on indicators for new SIDA proposal2023-01-12T19:28:30ZGabagaba@torproject.orghelp on indicators for new SIDA proposalhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41026data update service and timer on meronense2023-01-10T16:41:24ZHirodata update service and timer on meronenseI would need some help figuring out why the update service on meronense doesn't wait for the previous run to finish before starting a new one.
The timer and service are in puppet and they only start this script: https://gitlab.torprojec...I would need some help figuring out why the update service on meronense doesn't wait for the previous run to finish before starting a new one.
The timer and service are in puppet and they only start this script: https://gitlab.torproject.org/tpo/network-health/metrics/metrics-bin/-/blob/main/website/run-web.sh
\cc @gkanarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41025Ask for closing tor-relays-fr mailing list2023-01-09T19:50:00ZChreAsk for closing tor-relays-fr mailing listHi all,
Can you close tor-relays-fr mailing list please? Thanks for help :smile:
Many of us, French relay operators and Tor volunteers, thought it would be useful to restart the tor-relays-fr list, to discuss Tor relays in French.
Ha...Hi all,
Can you close tor-relays-fr mailing list please? Thanks for help :smile:
Many of us, French relay operators and Tor volunteers, thought it would be useful to restart the tor-relays-fr list, to discuss Tor relays in French.
Having lost access to the original list created in 2012, we asked The Tor Project to create a new one. Arma was kind enough to respond, and despite his questions about the relevance of such a list, agreed to play along.
This new tor-relays list was created on 9/22/2020. Thank you Tor Project!
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays-fr
But... after over two years of existence, this list is clearly not very active. Probably because most people running Tor relays are fluent enough in English to discuss directly on... tor-relays.
So we announce the closing of this list at the beginning of this year 2023, and we invite interested people to use on tor-relays (in English) !
Thank you for your help in trying to keep this list alive :smile:anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41024Fatal error from remote when pushing to alberti/ldap2023-02-01T17:52:21ZJérôme Charaouilavamind@torproject.orgFatal error from remote when pushing to alberti/ldapWhen updating the key for jnewsome in #41022 I hit a similar issue as #41013 :
```
$ git push alberti
Énumération des objets: 7, fait. ...When updating the key for jnewsome in #41022 I hit a similar issue as #41013 :
```
$ git push alberti
Énumération des objets: 7, fait.
Décompte des objets: 100% (7/7), fait.
Compression par delta en utilisant jusqu'à 4 fils d'exécution
Compression des objets: 100% (4/4), fait.
Écriture des objets: 100% (4/4), 577 octets | 577.00 Kio/s, fait.
Total 4 (delta 3), réutilisés 0 (delta 0), réutilisés du pack 0
remote: + env -i make -C /srv/db.torproject.org/keyrings
remote: make: Entering directory '/srv/db.torproject.org/keyrings'
remote: umask 002 && \
remote: cd keyring && \
remote: git pull && \
remote: rm -f torproject-keyring.gpg && \
remote: ./build-keyring && \
remote: cp -f torproject-*.gpg ..
remote: fatal: detected dubious ownership in repository at '/srv/db.torproject.org/keyrings/keyring'
remote: To add an exception for this directory, call:
remote:
remote: git config --global --add safe.directory /srv/db.torproject.org/keyrings/keyring
remote: make: *** [Makefile:5: torproject-keyring.gpg] Error 128
remote: make: Leaving directory '/srv/db.torproject.org/keyrings'
To alberti.torproject.org:/srv/db.torproject.org/keyrings/keyring.git
3ce936a..d00c61c master -> master
```
However, running the `git config` command did not fix the problem, likely because of the `env -i` bit unsetting `$HOME` and making `git` unable to find `$HOME`. I had to run `make -C /srv/db.torproject.org/keyrings` manually instead.
I'm wondering if the fix here is to change `git pull` with `git -c safe.directory=/srv/db.torproject.org/keyrings/keyring pull` in the Makefile?anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41021Please change LDAP OpenPGP key for micah2022-12-22T19:40:43Zmicahmicah@torproject.orgPlease change LDAP OpenPGP key for micahHi,
The day before it expired, I broke my hardware token, where my OpenPGP key resided. I am unable to recover that key, or perform any operations with it. Unfortunately, the hardware token also contained my ssh key. This makes it so I ...Hi,
The day before it expired, I broke my hardware token, where my OpenPGP key resided. I am unable to recover that key, or perform any operations with it. Unfortunately, the hardware token also contained my ssh key. This makes it so I am unable to either use my currently configured ssh key for tor machines/services[0], and I cannot change that ssh key, because my OpenPGP key must be used to change the ssh key.
So I humbly request that you update my OpenPGP key. For obvious reasons, I'm unable to sign this request with my other key, so I'd have to do some kind of out of band confirmation.
My new key is as follows:
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGOg+PcBEADa2wab1UFD0S7dyUKJzTZI3yqpwFV6Yq4dfB/gD/Xjzj709Dpr
SkyIiGS52dtk9KQFdysN6Tx9zd6NO71dNAXq3SbFaj5Gvnh8Mo9gTX7nujqMIWaR
tHitcrz8PT0LNBSauMpXpgQatyzZn/AcDAHKRrNK/7YLpAmodhfYZSfWZ+RLNgQZ
bnomNVCcKrySps4O/llGcJNVfbyg0PNfhPoKUvCle6/5D7YgEZI65wwhfTWD0z+M
EgyhMMLlv3MpbaiwABurEj+zjfKz2NUVzdYhhWHLHsur7nKM3FtzY9wr+4xXpuwE
oXyu5YeKSUq+xMwA4A8MXLuZgXQ5qcJ9/9HWQTm7KLlVhP296QFWx81CE+qScytC
aNJ4jcMobeQXmle3xQ/HMHuBmQfr4Rpe2WO5dz8au3ve6zqh9y/Nd8fViZZr42B3
LAsZz6MA58Sa4W4jvNGYcMt8LA+aH80dKAv+3/nQrR/Jkk2hS+wc1g1ZUHv5aJd4
jVeXp39bvfpTbDszyworQYFC6NFuBSWakgvkED0GlRQJkQnsbogHOEp1bby4uGKp
MWrGvsNnuuNv2N4/MVPsXp2lewQq3GlLreSPG4hLi+pDDmGSN5Chj3neS0o/Kaeu
MuBcgSY6gxiTBW2nuFMD6cW3PjlX+TwxB7a0wjzVuTRTn5ayzCW4sVv27QARAQAB
tCFNaWNhaCBBbmRlcnNvbiA8bWljYWhAcmlzZXVwLm5ldD6JAlQEEwEKAD4WIQSk
DUXsofJWBG6qsRE2UNMQliHDhgUCY6D49wIbAwUJAeEzgAULCQgHAwUVCgkICwUW
AgMBAAIeAQIXgAAKCRA2UNMQliHDhrn9D/4+5By/ohLQ3gQjbYS3xIbflRhDUPTd
vx0z6MJdfWn7uXKGgSmrZqaBs+XH/tslEW/hkXQvSHnqb61XJmT996QkUwgmBWw0
OY9Y8Gvc4BVVZDpJeF7THP0NoXLMKazxoshHnzZSez25njCd/pno9HTQPp0OIoQJ
jVCeOgJ/YHqLVFggNKyFPBQnkJzb6jfiHTs0bONnYplZH0OvhN6e1LJZMMTciMtJ
Y6K0XK5754vS7emhHK53XZDabcjCea2OBFfyOwBGyONA0DtVmWwTlCe+DGVZvZ0u
1EjdcKm5x6Dv+E/RYmxNpI5H3SKrMxDPvEM5JIrRS2jFMyKKWVrHf4cFdSPr5kMu
KLpmugAZEdqjst2Y8HsLVlGW2ARnpJ0ifpVZsJUad9CAVN7gVq8Y1lKOh6DOkLSX
E567DLYWjNsU712XhLiwXw3SdWXSKm31y8Rg3lUZxBku1fIfKh0eWnfNYdSCaUAy
VFMVaFGcTXJlcvYLjNlVNfRwBchtmWhSAB5a/fm2YpxWwZCnPku8iPlYDh02GQvI
67D/wplZZujHXo4dblvdieFzkBZjHaHcXWaDTXiX4yE1NAj056C12tY2zn/+0unu
TVt4tTo7XSBMIWKxCXA9N7aqBUvkF+e37srUAfK7z0hIRbc3FN+N1LbUN2T2XFnK
+qcXRlfQ262ghrkCDQRjoPj3ARAAq4hy2tGQTkdoVHwGHQ72LQt0OHMMA4QAcJTD
Ne9x5hG4KOY4POG3FbHgkJaI7e1uD6RGFpqHI8YlnaUI6RP7xMX4xlOqclPP38CY
t1RcXNulY25p7TzMjOLLiBa2uaLJIu/9kx0puTUBa2aIj/wAHcWI0yxyH2dz+BI9
eTSToJysVx4nAvdS4ppQHoVHThvEjJ/tysREbvhnsMDzxPuThoxuCcjEYwZXKHiq
OXbPoAjlFqih3jU1lq1LyweP3W21Ei3qau8bZl3RAm+Rt6mArDmcFM8iaQSK5nrj
y+yH4BKeYwZJTHeaQ3dAocNi3fylzW2of3/cW7AtSKTv+yAkpEX70eIjNERVqYwa
5nNkf52dNgjhqZSvMetXA5IsM8DsMyuiNGtCrGfR2K4j0xrXNL3RPsUYGc1v8bGi
j6c9a3ksFyFWb6Csg133cSPVm8siFCeQgILHXsAPhvWt/4CsPqMmvvES/R+C8KNx
hIzjWqIeGkA221l5YVcAL+hd/Ia99eHxaQdPgtL5KBXwziX1+ArrGjeyxVCFwVxR
p3LHdgTfQs3WSy+aLyB4uh5vJSJLdjVgLHv6gHyxIHUbgZ8PBGbIfEArvU1rByv9
5z3sk6pAhxGnnQlHrULL4cERvooVENAL2TYgOYYnk9Z4qnkonX/LHJcaEeE/sU1X
EQQZwcMAEQEAAYkCPAQYAQoAJhYhBKQNReyh8lYEbqqxETZQ0xCWIcOGBQJjoPj3
AhsMBQkB4TOAAAoJEDZQ0xCWIcOGwbIQALNDQwp5nUphg5PaiAIRYAzFfofaMSte
I7qJu5ajg42AgIM/eU0XPB32hassQzc0zKfrwsZROSjX2jm6T84/iEc53NLsmfnU
L9ZLp+mU4M4C81ouAERX8MmYWv37vwWOioDaWyLh0ugeaguuwQb8b+YifksGrvpe
ZeOGYxvqVEAYLhiX3EGZFJO5s0xjVA2I/tHeE/kiRpvxg1vEB3W7WMOPPfgDgfQh
AG3LNC7jXQ4CvjMvQs54h0eAHRukCWC7jHnRavACERZUgrTQGpSNF08DFn6o6ned
yHgJ2RWvLFVM4LFvhNXbKvVp5Sp+iPWPK+9lIg3A9H2pIhPFjb7VILciwaEVFWFf
VMw96kyKLIQQ65gmHLSYgI7zTFCU3akaSQmSPzdFents/CugnIjOn6Ybb+VkT8iN
t55djtsnDi9dS7P6ZNkILkyeCWUZtehIw3C2zdsVQBFQa2Zwd/wDMXDM+51hMX07
k3HxZDAvDiAq72vTKep2cWnseRVhtWrLkYj3BwO+T1iKlXyt6lvqfKLB4ATNldMs
I0CmUA76eeUkPb0CxDqCWUtXogu+4RL7JRtMHelKvxOIjiBSOQPA4TI61EXO9jH0
6hZtURg0Mn69rvA7FhaH1KccDwobLUsQ4uQylJK4dfEhIXqeL37y/mT+N/0Gv99e
mA8voJu0yYiE
=X42i
-----END PGP PUBLIC KEY BLOCK-----
```
Which can be additionally found at [keys.openpgp.org](https://keys.openpgp.org/search?q=micah%40riseup.net)
0. except gitlab, where I was able to update my keys/loginanarcatanarcat