Skip to content

GitLab

Closed
Created by Trac@tracbot

Untrusted tor in TorCloud stops new instances from working

I have only tested this once using the following setup but I use Amazon AWS every day for a job so I'm pretty happy I didn't do anything wrong there.

I created a new Amazon AWS account (for the free tier) and followed the instructions to spin up a Normal bridge in the eu-west-1 Ireland Zone. The instance spun up without issue.

I was of course interested to see how much it would be used so I used the key to login via SSH and tried the two commands in the FAQ...

$ sudo cat /var/log/tor/log
cat: /var/log/tor/log: No such file or directory

$ sudo -u debian-tor arm
sudo: unknown user: debian-tor

... looking at the processes I could see TOR wasn't installed yet...

  523 ?        S      0:00 /bin/sh /etc/rc2.d/S99rc.local start
  529 ?        S      0:00 /bin/sh -e /etc/rc.local
  557 ?        S      0:00 /bin/bash /etc/ec2-prep.sh bridge
  778 ?        Sl     0:00 aptitude -y install tor tor-geoipdb tor-arm

.... I left it 10 hours to make sure I wasn't just being impatient but the install was still stuck at the same point.

I tried killing aptitude so that I could run it manually to see what the problem was. This action deletes /etc/ec2-prep.sh and reboots the instance. When it cane back I tried to run the command manually...

$ sudo aptitude -y install tor tor-geoipdb tor-arm
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
The following NEW packages will be installed:
  libevent-1.4-2{a} python-geoip{a} python-socksipy{a} python-torctl{a} tor tor-arm tor-geoipdb torsocks{a}
0 packages upgraded, 8 newly installed, 0 to remove and 0 not upgraded.
Need to get 3,078kB of archives. After unpacking 9,336kB will be used.
WARNING: untrusted versions of the following packages will be installed!

Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.

  tor-geoipdb tor-arm tor python-torctl

Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No":

As you can see the script is waiting for user input.

As I see it there are two fixes...

  1. Fix the untrusted element of the repo
  2. Add --allow-untrusted to the aptitude command. ... I will leave that to you guys to fix.

I wanted to let you know ASAP as currently people maybe spinning up these instances in good faith and they aren't doing anything at all :-(

Keep up the great work

Trac:
Username: dogsbody

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information