
Add OS Detection and Configuration for Tails and Whonix (Tor Connection)

Open Honey-Loverr opened this issue 10 months ago • 3 comments

Summary

Make Tor Connection Tails & Whonix friendly

This merge request introduces OS detection for Tails and Whonix, and configures the Tor connection accordingly. The changes ensure that the application correctly identifies when it is running on Tails or Whonix and configures the Tor connection to use the appropriate settings.

Changes

  1. New File: os_detection.dart

    • Added a new file lib/os_detection.dart that contains the OSDetector class. This class provides methods to detect if the application is running on Tails or Whonix operating systems.
    import 'dart:io';
    
    class OSDetector {
      static Future<bool> isTails() async {
        try {
          final osReleaseFile = File('/etc/os-release');
          if (await osReleaseFile.exists()) {
            final osReleaseContent = await osReleaseFile.readAsString();
            return osReleaseContent.contains('Tails');
          }
        } catch (e) {
          print('Error detecting Tails: $e');
        }
        return false;
      }
    
      static Future<bool> isWhonix() async {
        try {
          final whonixVersionFile = File('/etc/whonix_version');
          return await whonixVersionFile.exists();
        } catch (e) {
          print('Error detecting Whonix: $e');
        }
        return false;
      }
    }
    
  2. Modified File: main.dart

    • Updated lib/main.dart to include the new os_detection.dart and implement OS detection and Tor configuration logic in the main function.

    • Import Statement: Added the import statement for os_detection.dart.

      import 'os_detection.dart';
      
    • OS Detection and Tor Configuration: Added logic in the main function to detect if the application is running on Tails or Whonix and configure the Tor connection accordingly.

      void main(List<String> args) async {
        WidgetsFlutterBinding.ensureInitialized();
      
        // Add OS detection and Tor configuration
        final isTails = await OSDetector.isTails();
        final isWhonix = await OSDetector.isWhonix();
      
        if (isTails) {
          print('Tails detected, configuring Tor to use 127.0.0.1:9050');
          // Configure Tor to use 127.0.0.1:9050
          TorService.sharedInstance.init(
            torDataDirPath: (await StackFileSystem.applicationTorDirectory()).path,
            proxySettings: {
              'host': '127.0.0.1',
              'port': 9050,
              'type': 'socks5h',
            },
          );
          await TorService.sharedInstance.start();
        } else if (isWhonix) {
          print('Whonix detected, using gateway Tor');
          // No need to configure Tor, just notify the user
        } else {
          // Existing Tor initialization
          if (Prefs.instance.useTor) {
            TorService.sharedInstance.init(
              torDataDirPath: (await StackFileSystem.applicationTorDirectory()).path,
            );
            await TorService.sharedInstance.start();
          }
        }
      
        // Rest of the existing main function...
        ...
      }
      

Purpose

The purpose of these changes is to ensure that the application can detect when it is running on Tails or Whonix and configure the Tor connection appropriately. This improves the application's compatibility and security in privacy-focused operating systems.

Testing

  • Tails Detection:
    • Run the application on Tails OS and verify that the Tor connection is configured to use 127.0.0.1:9050 with socks5h proxy settings. This is key since users like Tails users are already using Tor via a system Tor daemon or may not want to use the Tor bundled with Stack Wallet for whatever reason or simply due to it not working.
    • See related issues: #1060 #1058
  • Whonix Detection:
    • Run the application on Whonix OS and verify that the appropriate messages are logged, and the Tor connection uses the gateway Tor settings. (This is to avoid Tor over Tor conflicts)
  • Other OS:
    • Run the application on other operating systems to ensure that the existing Tor initialization logic is executed correctly.

Documentation

Please review the changes and let me know if there are any questions or further adjustments needed. I think this is a good starting point to make Stack Wallet Tails and Whonix friendly.

Honey-Loverr, Mar 09 '25 22:03

@sneurlax @rehrar

After looking at the socks_socket.dart I think the Tor configuration above might be wrong? It is key, when using Tails or when you already have a Tor daemon running, to use that SOCKS port (default is 9050) on Linux. Personally I would like the option to use my system Tor daemon running over the one with the Stack Wallet. Tails can't use the bundled Tor that is included with Stack Wallet due to this. The only way to use it currently on Tails or with another Tor instance running is with the torsocks command. This however is not user friendly to people that aren't CLI familiar or new to Linux. I think this would be nice and fairly easy to implement for a plug n play feel in the UI/settings.

Also not sure how SOCKS5 is used in the Dart implementation, but SOCKS5h proxies the DNS requests through the proxy server, while standard SOCKS5 does not, if my understanding is correct?

It would also be great if the Tor setting had an input field in the UI where the user could input the SOCKS port (e.g. port 9050). The /etc/os-release that is used to detect if the system is Tails would then input this field/connection setting.

Detecting that the system is a Whonix workstation by the existence of the file /etc/whonix_version, specific to Whonix (e.g. for systemcheck and updates), would then state in the UI that Tor is connected via the gateway.

ghost, Mar 13 '25 03:03
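An added illustration of the SOCKS5 versus SOCKS5h question raised in the comment above (not part of the thread and not Stack Wallet's socks_socket.dart): on the wire, the difference is the address type in the CONNECT request defined by RFC 1928. The function name `buildConnectRequest` and the destinations are constructed for this example.

```dart
import 'dart:convert';
import 'dart:io';
import 'dart:typed_data';

/// Builds a SOCKS5 CONNECT request (RFC 1928, section 4).
/// An IP literal is sent as ATYP 0x01 (IPv4) or 0x04 (IPv6). Anything else
/// is sent as ATYP 0x03 (domain name), so the proxy performs the DNS lookup.
Uint8List buildConnectRequest(String host, int port) {
  if (port < 1 || port > 65535) {
    throw ArgumentError.value(port, 'port', 'must be 1-65535');
  }
  final b = BytesBuilder();
  b.add([0x05, 0x01, 0x00]); // VER=5, CMD=CONNECT, RSV=0
  final ip = InternetAddress.tryParse(host);
  if (ip != null) {
    b.addByte(ip.type == InternetAddressType.IPv4 ? 0x01 : 0x04);
    b.add(ip.rawAddress);
  } else {
    // ascii.encode throws on non-ASCII input; IDNs must be punycoded first.
    final name = ascii.encode(host);
    if (name.isEmpty || name.length > 255) {
      throw ArgumentError.value(host, 'host', 'domain must be 1-255 bytes');
    }
    b.addByte(0x03);
    b.addByte(name.length); // one length octet, then the name itself
    b.add(name);
  }
  b.add([port >> 8, port & 0xff]); // DST.PORT in network byte order
  return b.toBytes();
}

String hex(List<int> bytes) =>
    bytes.map((x) => x.toRadixString(16).padLeft(2, '0')).join(' ');

void main() {
  // Constructed destinations.
  // Name sent unresolved: the proxy does the lookup ("socks5h" behaviour).
  print(hex(buildConnectRequest('example.com', 443)));
  // Address sent: the client resolved the name itself before connecting,
  // so the DNS query never passed through the proxy ("socks5" behaviour).
  print(hex(buildConnectRequest('192.0.2.10', 443)));
}
```

A .onion name has no public DNS record, so it can only be reached through the domain-name form.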

It may be better to add a proxy settings page and set things up to run network calls through that.

Tor is currently very self contained in stack wallet so there would be some setup required for this.

There is an issue with some coins in stack wallet whose libraries do their own networking and do not support proxies. Eth being an example. Most will work with a socks5 proxy though.

Re the above comment and code snippets: TorService.sharedInstance.init and TorService.sharedInstance.start will start a Tor daemon and find an open port to use locally so plugging into the TorService will require some refactoring and additional functionality added.

julian-CStack, Mar 20 '25 18:03

final whonixVersionFile = File('/etc/whonix_version');

While /etc/whonix_version might be valid, I would change it along the lines of this Whonix documentation: Programmatically_Detecting_Whonix

I think starting with a manual proxy setting within the Tor setting, like @julian-CStack stated, would be a good start; then you could use the OS detection to set those upon first start if those are detected. If they are already set then do nothing.

Kyouju1, Mar 25 '25 01:03
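An added sketch of the flow discussed in this thread (not code from Stack Wallet or from any commenter): detection supplies proxy defaults on first start only, and Tails is matched on parsed os-release fields rather than a substring anywhere in the file. `ProxyChoice`, `resolveProxy` and the key names in `tailsKeys` are assumptions made for this example, and the Whonix result is passed in as a boolean so any detection method can feed it.

```dart
/// Parses os-release text: KEY=value lines, optional quotes, '#' comments.
Map<String, String> parseOsRelease(String text) {
  final fields = <String, String>{};
  for (final raw in text.split('\n')) {
    final line = raw.trim();
    final eq = line.indexOf('=');
    if (line.startsWith('#') || eq <= 0) continue;
    var value = line.substring(eq + 1).trim();
    final quoted = value.length >= 2 &&
        (value[0] == '"' || value[0] == "'") &&
        value[value.length - 1] == value[0];
    if (quoted) value = value.substring(1, value.length - 1);
    fields[line.substring(0, eq).trim()] = value;
  }
  return fields;
}

// Assumption: which keys identify Tails; confirm against a real Tails image.
const tailsKeys = ['ID', 'NAME', 'TAILS_PRODUCT_NAME'];

bool looksLikeTails(Map<String, String> f) =>
    tailsKeys.any((k) => f[k]?.toLowerCase() == 'tails');

/// Hypothetical settings record; host and port are set only for 'system'.
class ProxyChoice {
  const ProxyChoice(this.mode, [this.host, this.port]);
  final String mode; // 'bundled' | 'system' | 'gateway'
  final String? host;
  final int? port;
}

/// Detection only supplies first-start defaults; a saved choice always wins.
ProxyChoice resolveProxy(ProxyChoice? saved, String osRelease, bool whonix) {
  if (saved != null) return saved;
  // On Whonix, start no second Tor: the gateway already routes traffic.
  if (whonix) return const ProxyChoice('gateway');
  if (looksLikeTails(parseOsRelease(osRelease))) {
    return const ProxyChoice('system', '127.0.0.1', 9050);
  }
  return const ProxyChoice('bundled');
}

void main() {
  // Constructed samples, not copied from real systems.
  const tails = 'NAME="Tails"\nID=tails\n';
  const other = 'ID=debian\nHOME_URL="https://example.org/Tails-notes"\n';
  print(resolveProxy(null, tails, false).mode);
  print(resolveProxy(null, other, false).mode);
  // The substring test from the issue body, on the same non-Tails sample.
  print(other.contains('Tails'));
  // A saved user choice is returned unchanged even when Tails is detected.
  print(resolveProxy(const ProxyChoice('bundled'), tails, false).mode);
}
```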