Notes on Tor Browser debugging
Stuff to delete to reset on Linux:
- Browser/TorBrowser/Data/Tor/{cached*,state,torrc}
- Browser/TorBrowser/Data/Browser/profile.default/prefs.js
Clock skew testing
The faketime package in Ubuntu 16.04 is too old to know about CLOCK_MONOTONIC_COARSE but tor uses it. This causes startup to fail in the faketime library. Also if asan is active, its runtime must be listed first in LD_PRELOAD, which prevents using the normal faketime wrapper script.
Signs of client clock in the future
Stuck at 80% (Connecting to the Tor network) or 85% (Finishing handshake with first hop).
Repetitive logs such as
Sep 18 18:53:04.000 [debug] update_guard_selection_choice(): Staying with guard context "default" (no change)
Sep 18 18:53:04.000 [info] sampled_guards_update_from_consensus(): Not updating the sample guard set; we have no live consensus.
Sep 18 18:53:04.000 [info] sample_reachable_filtered_entry_guards(): Trying to sample a reachable guard: We know of 0 in the USABLE_FILTERED set.
Sep 18 18:53:04.000 [info] sample_reachable_filtered_entry_guards(): (That isn't enough. Trying to expand the sample.)
Sep 18 18:53:04.000 [info] entry_guards_expand_sample(): Not expanding the sample guard set; we have no live consensus.or
Sep 19 16:56:50.000 [info] sample_reachable_filtered_entry_guards(): Trying to sample a reachable guard: We know of 0 in the USABLE_FILTERED set.
Sep 19 16:56:50.000 [info] sample_reachable_filtered_entry_guards(): (That isn't enough. Trying to expand the sample.)
Sep 19 16:56:50.000 [info] entry_guards_expand_sample(): Not expanding the sample guard set; we have no live consensus.
Sep 19 16:56:50.000 [info] sample_reachable_filtered_entry_guards(): (After filters [17], we have 0 guards to consider.)
Sep 19 16:56:50.000 [info] select_entry_guard_for_circuit(): Absolutely no sampled guards were available. Marking all guards for retry and starting from top again.
Sep 19 16:56:50.000 [warn] Failed to find node for hop #1 of our path. Discarding this circuit.
Sep 19 16:56:50.000 [info] onion_populate_cpath(): Generating cpath hop failed.GitLab and GitHub repo sync notes
GitLab.com supports pull and push sync (one of each per repository). This needs an access token for push (at least over HTTPS; push mirroring over SSH doesn't seem to be supported). GitLab Community Edition doesn't support mirroring; that's an Enterprise Edition thing. It's possible to configure CI pipelines to do it, but it's somewhat less friendly. On the other hand, the built-in mirroring isn't configurable to force-update refs, which a custom pipeline would be able to do.
Deploy keys, etc
GitLab and GitHub both support SSH deploy keys. These default to read-only on GitLab, and read-write on GitHub. Deploy keys are per-repository.
GitLab has Private Tokens and Personal Access Tokens. Private Tokens are for API use and supposedly allow full API access as you, but don't seem to provide push access over HTTPS. Access Tokens (with api scope) apparently do provide push access over HTTPS. GitHub doesn't have Private Tokens, but does have Access Tokens.