The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2024-01-16T13:08:32Zhttps://gitlab.torproject.org/tpo/team/-/issues/219Budget for Translations into Turkmen2024-01-16T13:08:32ZGabagaba@torproject.orgBudget for Translations into TurkmenWe need to write the budget and scope to request Localization Lab for the translation for turkmen.
cc @emmapeelWe need to write the budget and scope to request Localization Lab for the translation for turkmen.
cc @emmapeelGabagaba@torproject.orgGabagaba@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41348Help needed with torspec migration (see proposal 345) hosting.2024-01-11T21:34:29ZNick MathewsonHelp needed with torspec migration (see proposal 345) hosting.Hi! As part of [proposal 345](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/345-specs-in-mdbook.md), I want to migrate the rendered format of torspec.git to the web. We'll have a nice easy gitlab CI hook that get...Hi! As part of [proposal 345](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/345-specs-in-mdbook.md), I want to migrate the rendered format of torspec.git to the web. We'll have a nice easy gitlab CI hook that gets run whenever the specs change, but after that point the whole process becomes a bit murky in my head.
To be concrete, here is what I'd like (if it's not too hard):
1. I'd like to know the right way to cause the CI hook to result in a pile of rendered HTML getting put on spec.tpo. This can replace the existing content of spec.tpo, which won't need to be on puppet any longer; I'll be sure to keep the links working.
2. If possible, I'd like a temporary subdomain (specs2.torproject.org? specs-demo.torproject.org?) for the script to target while to target while this is under development. This subdomain doesn't need to get CDN support, and it can get deleted completely after the migration is done and the CI hooks target the regular spec.tpo.
As an alternative to 2, we could just temporarily blow away spec.tpo, but that would put more time pressure on me to get it fixed fast, which might not be so great.anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41347Move tor-pristine-upstream.git to GitLab2023-11-29T22:24:59ZJérôme Charaouilavamind@torproject.orgMove tor-pristine-upstream.git to GitLabDuring a work session with @weasel today about releasing new tor versions to our Debian repository we agreed we should move over `tor-pristine-upstream.git` to GitLab, as it currently lives only on git-rw.tpo.During a work session with @weasel today about releasing new tor versions to our Debian repository we agreed we should move over `tor-pristine-upstream.git` to GitLab, as it currently lives only on git-rw.tpo.legacy Git infrastructure retirement (TPA-RFC-36)Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41346Migrate pauli to gnt-dal2023-10-11T12:35:03ZJérôme Charaouilavamind@torproject.orgMigrate pauli to gnt-dalWhile working on tpo/tpa/team#41341 we figured out that the latency between gnt-dal and gnt-fsn is likely the cause of additional delays when running a Puppet agent run, when `pauli` is configured to use the `puppetdb-01` PuppetDB backen...While working on tpo/tpa/team#41341 we figured out that the latency between gnt-dal and gnt-fsn is likely the cause of additional delays when running a Puppet agent run, when `pauli` is configured to use the `puppetdb-01` PuppetDB backend.
We decide to attempt to migrate `pauli` from gnt-fsn to gnt-dal in the hope that this will remove the extraneous delays.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.org2023-10-12https://gitlab.torproject.org/tpo/tpa/team/-/issues/41343Onionoo backends out of disk space2023-11-20T21:57:17ZHiroOnionoo backends out of disk spaceSeems the onionoo backends have run out of disk space on /srv. Can we increase space? I think if we could add 10 More GB to each host at least (ideally 20) it would be ok.Seems the onionoo backends have run out of disk space on /srv. Can we increase space? I think if we could add 10 More GB to each host at least (ideally 20) it would be ok.anarcatanarcathttps://gitlab.torproject.org/tpo/community/hackweek/-/issues/17Clean up and improve the user support FAQ text2023-11-30T16:16:39ZRoger DingledineClean up and improve the user support FAQ text# About the project
* Contact: Roger Dingledine
* Chat: #tor-www on `irc.oftc.net` / [#tor-www](https://matrix.to/#/#tor-www:matrix.org) on matrix
* Video room: https://tor.meet.coop/pav-g4m-iys-h7n (kick off meeting on Monday, 06 No...# About the project
* Contact: Roger Dingledine
* Chat: #tor-www on `irc.oftc.net` / [#tor-www](https://matrix.to/#/#tor-www:matrix.org) on matrix
* Video room: https://tor.meet.coop/pav-g4m-iys-h7n (kick off meeting on Monday, 06 November at 14 UTC)
* Pad: https://pad.riseup.net/p/improve-support-faqs-hackweek-qwjebqwjqedwqebdj
# Participants
- Roger Dingledine
- ebanam
- @gus
- you?
# Summary
Tor has a huge variety of FAQ entries on support.torproject.org, copied over from the original FAQ, the abuse FAQ, etc. When we made support.tpo, we only took some of the entries. Then we updated those over the years, but actually we have mostly left them alone -- I imagine it's hard for most individuals to decide to change one of these support entries, because they don't know who needs to buy in, or they worry that somebody else thinks it's perfect the way it is.
Let's look again at the big picture of which entries are useful, which ones are right, and whether there are any missing. The outcome will be a better support site.
# Skills
We will need people who know how to technical write, people who know what problems/questions/concerns Tor users encounter, people who know how Tor and Tor Browser work, people who have an interest in Tor comms and framing, and people who know basic html/markup. These don't all have to be the same people! :)
# LinksHackweek 2023Roger DingledineRoger Dingledinehttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41341Deploy new PuppetDB server2023-10-04T21:47:02ZJérôme Charaouilavamind@torproject.orgDeploy new PuppetDB serverAs part of tpo/tpa/team#40696 we decided to deploy a new PuppetDB server alongside the old puppet master.
The hope is we can make progress on the Puppet upgrade plan by replacing the current PuppetDB running on `pauli` with this new one.As part of tpo/tpa/team#40696 we decided to deploy a new PuppetDB server alongside the old puppet master.
The hope is we can make progress on the Puppet upgrade plan by replacing the current PuppetDB running on `pauli` with this new one.Debian 12 bookworm upgradeJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/team/-/issues/217Q3 Reports for DRL sponsored projects2023-10-30T13:45:49ZGabagaba@torproject.orgQ3 Reports for DRL sponsored projects61
- [x] Write the last report for the project
- [x] Gather indicators https://nc.torproject.net/f/462462
- [x] Send final docs to team for review
- [x] Send final docs to Bekeela and Isabela for review
96
- [x] Send mail [requesting i...61
- [x] Write the last report for the project
- [x] Gather indicators https://nc.torproject.net/f/462462
- [x] Send final docs to team for review
- [x] Send final docs to Bekeela and Isabela for review
96
- [x] Send mail [requesting info](http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/sponsor96-next-report)
- [x] Get narrative into the report
- [x] Gather indicators
- [x] Send final docs to team for review
- [x] Send final docs to Bekeela and Isabela for review
101
- [x] Send mail [requesting info](https://pad.riseup.net/p/sponsor101-next-report)
- [x] Get narrative into the report
- [x] Gather indicators
- [x] Send final docs to team for review
- [x] Send final docs to Bekeela and Isabela for review
112
- [x] Send mail [requesting info](https://pad.riseup.net/p/sponsor112-next-report)
- [x] Get narrative into the report
- [x] Gather indicators
- [x] Send final docs to team for review
- [x] Send final docs to Bekeela and Isabela for reviewGabagaba@torproject.orgGabagaba@torproject.org2023-10-25https://gitlab.torproject.org/tpo/tpa/team/-/issues/41336mandos not working for dal-rescue-022023-10-02T19:48:53ZJérôme Charaouilavamind@torproject.orgmandos not working for dal-rescue-02When rebooting `dal-rescue-02`, it gets stuck in the initramfs, at the luks prompt.
Normally, mandos takes care of supplying the password to allow the boot process to complete, but it's not working.
I checked the configuration on the m...When rebooting `dal-rescue-02`, it gets stuck in the initramfs, at the luks prompt.
Normally, mandos takes care of supplying the password to allow the boot process to complete, but it's not working.
I checked the configuration on the mandos server and at a glance it checks out. The problem is probably that the luks password in mandos is not present as a luks key slot on `dal-rescue-02`.anarcatanarcathttps://gitlab.torproject.org/tpo/community/hackweek/-/issues/16Collaborative editing2023-11-30T16:16:40ZSilvio RhattoCollaborative editing# About the project
* Contact: @rhatto
* Chat: #tor-dev on `irc.oftc.net`
* Video room: to be defined.
# Participants
- @meskio
- @rhatto (I'm looking for someone to be the new maintainer/coordinator/asignee for this proposal, as I ma...# About the project
* Contact: @rhatto
* Chat: #tor-dev on `irc.oftc.net`
* Video room: to be defined.
# Participants
- @meskio
- @rhatto (I'm looking for someone to be the new maintainer/coordinator/asignee for this proposal, as I may participate only marginally on it)
- @micah
- @shelikhoo (Partially)
# Summary
This is about enhancing ways we deal with [Etherpads](https://etherpad.org/).
## Project A - Nextcloud collaborative editor
* [x] Try the Nextcloud collaborative editor as an attempt at reducing the number of external tools we have to deal with.
## Project B - Etherpad
* [x] Etherpad archival utility/GitLab bot (as ticket comments, merge requests etc). Use case: add pad links into the ticket description, and the bot will act regularly, submitting changes somewhere. Maybe this already exists? We may also try to expand this use case for other document sources/platforms.
* [ ] Investigate the possibility to run our own etherpad, and not use the pad cleanup that Riseup does, and then the pads can be integrated with Nextcloud.
## Project C - CryptPad
* [x] Etherpad may be winding down development, and we should re-consider [CryptPad](https://cryptpad.fr/), which has a number of document management utilities bundled with it.
## Project D - HedgeDoc
* [ ] Try [HedgeDoc](https://hedgedoc.org/), "an open-source, web-based, self-hosted, collaborative markdown editor".
# Skills
What are the skills needed for the project:
* Not sure yet! Maybe no specific skills needed.
* Etherpad autosaving may depend on the knowledge needed to create GitLab bots and other scripts.
# LinksHackweek 2023micahmicah@torproject.orgmicahmicah@torproject.org2023-11-09https://gitlab.torproject.org/tpo/tpa/team/-/issues/41334Endpoint for containers.torproject.org is confused2023-09-25T16:22:02Zmicahmicah@torproject.orgEndpoint for containers.torproject.org is confusedIf I attempt to pull an image from the container registry like this:
```
$ podman pull containers.torproject.org/tpo/tpa/container-images:bookworm
```
I get this error:
```
Error: initializing source docker://containers.torproject.org...If I attempt to pull an image from the container registry like this:
```
$ podman pull containers.torproject.org/tpo/tpa/container-images:bookworm
```
I get this error:
```
Error: initializing source docker://containers.torproject.org/tpo/tpa/container-images:bookworm: pinging container registry containers.torproject.org: Get "https://containers.torproject.org/v2/": x509: certificate is valid for gitlab-02.torproject.org, not containers.torproject.org
```Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41333Update torbrowser@torproject.org key in wkd2023-09-25T20:46:47ZboklmUpdate torbrowser@torproject.org key in wkdIt is possible to get the torbrowser gpg key with:
```
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
```
The key that is returned by this needs to be updated for a new expiration date on the subkey. The upd...It is possible to get the torbrowser gpg key with:
```
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
```
The key that is returned by this needs to be updated for a new expiration date on the subkey. The updated key is:
https://people.torproject.org/~boklm/tmp/_torbrowser_extended_2023.ascanarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41330Create a `lox` user on rdsys-frontend-012023-10-23T18:30:48ZCecylia BocovichCreate a `lox` user on rdsys-frontend-01On the rdsys-frontend-01 machine, we're going with the plan to create a user per service and setup systemd for that user (see https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/167#note_2943424)). We're planning to deploy t...On the rdsys-frontend-01 machine, we're going with the plan to create a user per service and setup systemd for that user (see https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/167#note_2943424)). We're planning to deploy the lox distributor and would like a user for that service.
cc @meskio @onyinyanganarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41328build container (AKA "docker") images from scratch inside GitLab CI2023-10-06T17:37:19Zanarcatbuild container (AKA "docker") images from scratch inside GitLab CIso we've had a few issues tracking this in the past, but none directly saying "i want to build containers here please".
we've had one issue to enable the container registry (https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/89) and ...so we've had a few issues tracking this in the past, but none directly saying "i want to build containers here please".
we've had one issue to enable the container registry (https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/89) and one asking for user namespaces (https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/90), but both of those were either too broad or off topic, or are now irrelevant as we're running containers from podman now (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41296 and https://gitlab.torproject.org/tpo/tpa/team/-/issues/41327).
so this issue aims at solving the "let's build a container inside GitLab CI" problem. TPA's current documentation on the matter shows how to do this with kaniko, but as @micah explained elsewhere (https://gitlab.torproject.org/tpo/tpa/container-images/-/merge_requests/1#note_2930961):
> However, to use Kaniko, we'd have to use an upstream container (`gcr.io/kaniko-project/executor:v1.9.0-debug`), which defeats the purpose of building our own containers.
so let's see if we can bootstrap some container trust chain here. this should probably be done inside the https://gitlab.torproject.org/tpo/tpa/container-images/ project, but that's not mandatory.
@micah i hope you don't mind me creating an actual issue for this, i feel it's better than referencing a MR...micahmicah@torproject.orgmicahmicah@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41327test and possibly replace docker with podman in GitLab runners2023-09-25T15:00:57Zanarcattest and possibly replace docker with podman in GitLab runnersGitLab *finally* managed to port the GitLab runner infrastructure to be useable with Podman:
- https://docs.gitlab.com/runner/executors/docker.html#use-podman-to-run-docker-commands
- https://about.gitlab.com/releases/2022/08/22/gitlab-...GitLab *finally* managed to port the GitLab runner infrastructure to be useable with Podman:
- https://docs.gitlab.com/runner/executors/docker.html#use-podman-to-run-docker-commands
- https://about.gitlab.com/releases/2022/08/22/gitlab-15-3-released/#gitlab-runner-153
- https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27119
this could be tremendously useful for us, in many ways:
1. podman makes it much easier to run "rootless" containers, which could significantly improve the security of our runners
2. that, in turn, could make it easier to build container images in runners (see gitlab#123, gitlab#90, gitlab#89 for background on that work, and https://docs.gitlab.com/runner/executors/docker.html#using-podman-to-build-container-images-from-a-dockerfile for the upstream docs)
3. podman doesn't require a daemon, so runner jobs would could directly under systemd which, in turn, might make gitlab-runner upgrades less disruptive
4. podman is simpler than docker and therefore easier to package in Debian, which means the package may be more up to date (for example, upstream docker is at 22.06-beta0, but unstable has 20.10.17, and stable 20.10.5, while podman is at 4.2.0, which is already packaged in experimental, unstable has 3.4.7 and stable 3.0.1)
Unfortunately, GitLab and Podman has fixed their things in version 15.3 (which we run) and 4.2.0 (which we don't), respectively. So we're not quite ready to run this from the Debian side of things. First the 4.2.0 podman release would need to get into unstable, and there testing. *Then* we could see if we can either get a backport running, or setup a bookworm runner, which therefore might make this part of the %"Debian 12 bookworm upgrade" milestone.
See this page for progress on the podman packaging: https://tracker.debian.org/pkg/libpodDebian 12 bookworm upgradeJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41325Rename chi-node-14 machine2023-09-21T18:38:02ZJérôme Charaouilavamind@torproject.orgRename chi-node-14 machineWhen we moved out of Cymru (tpo/tpa/team#40929), we had physical machine chi-node-14 shipped to Quintex in Dallas and plugged it directly in the new network, without reinstalling the machine.
This ticket tracks the work to rename it to ...When we moved out of Cymru (tpo/tpa/team#40929), we had physical machine chi-node-14 shipped to Quintex in Dallas and plugged it directly in the new network, without reinstalling the machine.
This ticket tracks the work to rename it to ci-runner-x86-03 to get rid of the legacy name and reflect its true usage.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41324Retire ci-runner-x86-012023-09-19T19:49:35ZJérôme Charaouilavamind@torproject.orgRetire ci-runner-x86-01Superseded by new podman-based runner `ci-runner-x86-02`.
1. ~~[ ] announcement~~ (N/A)
2. [x] nagios
3. [x] retire the host in fabric
4. [x] remove from LDAP with `ldapvi`
5. [x] power-grep
6. [x] remove from tor-passwords
7. ~~...Superseded by new podman-based runner `ci-runner-x86-02`.
1. ~~[ ] announcement~~ (N/A)
2. [x] nagios
3. [x] retire the host in fabric
4. [x] remove from LDAP with `ldapvi`
5. [x] power-grep
6. [x] remove from tor-passwords
7. ~~[ ] remove from DNSwl~~ (N/A)
8. [x] remove from docs
9. ~~[ ] remove from racks~~ (N/A)
10. [x] remove from reverse DNSJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41322Increase space on metrics-store-012023-11-20T20:52:05ZHiroIncrease space on metrics-store-01It seems that metrics-store-01 is out of space. We are archiving tarball from onionperf clients and would probably need a few more hundreds gigs.It seems that metrics-store-01 is out of space. We are archiving tarball from onionperf clients and would probably need a few more hundreds gigs.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/community/hackweek/-/issues/15Onion Reveal coding and documenting2023-12-11T09:46:02ZSilvio RhattoOnion Reveal coding and documenting# About the project
* Contact: @rhatto
* Chat: #tor-dev on `irc.oftc.net`
* Video room: to be defined.
# Participants
- @rhatto
- @gus
- etc
# Summary
This is a proposal to write a [reveal.js](https://revealjs.com/) compiler similar...# About the project
* Contact: @rhatto
* Chat: #tor-dev on `irc.oftc.net`
* Video room: to be defined.
# Participants
- @rhatto
- @gus
- etc
# Summary
This is a proposal to write a [reveal.js](https://revealjs.com/) compiler similar to [Onion TeX Slim][].
[Onion TeX Slim]: https://gitlab.torproject.org/rhatto/onion-tex-slim
## Project A - Writing
The first project in this proposal would be to actually write Onion Reveal. This software could work like this:
* [x] Use a Makefile/script target that traverses a folder looking for `.md` files.
* [x] Then it would build the HTML slides using a pandoc reveal template.
* [x] With CI/CD for automation, in a way that's easy to integrate into existing projects.
* [x] Localization support.
* [ ] With support for QR code generation, so it's easy to embed QR codes into slides.
Examples:
* [Files · main · The Tor Project / Web / community · GitLab](https://gitlab.torproject.org/tpo/web/community/-/tree/main)
* [templates/slideshow.html · main · The Tor Project / Web / community](https://gitlab.torproject.org/tpo/web/community/-/blob/main/templates/slideshow.html)
* [models/slideshow.ini · main · The Tor Project / Web / community](https://gitlab.torproject.org/tpo/web/community/-/blob/main/models/slideshow.ini)
* [assets/static/revealjs/dist/theme/tor.css · community](https://gitlab.torproject.org/tpo/web/community/-/blob/main/assets/static/revealjs/dist/theme/tor.css)
* [Helping Survivors of Domestic Violence](https://community.torproject.org/training/resources/helping-survivors/)
## Project B - Trying
* [x] Use this project to build some presentations:
* [x] Tor Training materials: tpo/community/training#122.
Related issues:
* [Make Tor training slides compatible with Reveal JS format (#268) · community](https://gitlab.torproject.org/tpo/web/community/-/issues/268)
Examples:
* [Tor Project | Helping survivors of domestic violence](https://community.torproject.org/training/resources/helping-survivors/)
* [content/training/resources/helping-survivors/contents.lr · community](https://gitlab.torproject.org/tpo/web/community/-/blob/main/content/training/resources/helping-survivors/contents.lr)
# Skills
Some knowledge in the following technologies may be needed in order to participate:
* Git/GitLab.
* Markdown.
* Writing documentation.
* Basic scripting (Python, shell).
# LinksHackweek 2023Silvio RhattoSilvio Rhatto2023-11-09https://gitlab.torproject.org/tpo/community/hackweek/-/issues/14Onion TeX Slim enhancements2023-11-30T16:16:39ZSilvio RhattoOnion TeX Slim enhancements# About the project
* Contact: @rhatto
* Chat: #tor-dev on `irc.oftc.net`
* Video room: to be defined.
# Participants
- @rhatto
# Summary
This proposal is about making some enhancements to [Onion TeX Slim][].
[Onion TeX Slim]: http...# About the project
* Contact: @rhatto
* Chat: #tor-dev on `irc.oftc.net`
* Video room: to be defined.
# Participants
- @rhatto
# Summary
This proposal is about making some enhancements to [Onion TeX Slim][].
[Onion TeX Slim]: https://gitlab.torproject.org/rhatto/onion-tex-slim
## Project A - Improving
* [~] Dockerfile for local builds. Moved to tpo/community/onion-tex-slim#5.
* [~] Test and improve the LaTeX templates. Moved to tpo/community/onion-tex-slim#6.
* [~] Add more functionality (graphics etc). Moved to tpo/community/onion-tex-slim#7.
* [~] Localization support, at least for the Markdown/Pandoc version. Moved to tpo/community/onion-tex-slim#2.
* [~] Make easier to add [Onion TeX Slim][] support in a `slides/` or `docs/slides` folder. Moved to tpo/community/onion-tex-slim#8.
## Project B - Trying
* [x] Use this project to build some presentations:
* [x] In the [Tor Community Training repository](https://gitlab.torproject.org/tpo/community/training/).
# Skills
Some knowledge in the following technologies may be needed in order to participate:
* Git/GitLab.
* Markdown.
* LaTeX.
* Basic scripting (Python, shell).
# LinksHackweek 2023Silvio RhattoSilvio Rhatto2023-11-09