Page MenuHome GnuPG

use-tor should have a third possible value, "if available"
Closed, ResolvedPublic

Description

currently dirmngr has --use-tor and --no-use-tor

the default is --no-use-tor

However, it shouldn't be hard to auto-detect whether tor is available (e.g. look
for a unix-domain socket at /run/tor/socks) and if it is, then use it, otherwise
fall back to not using tor.

I would call this middle-ground state --use-tor-if-available

If this configuration option is available, i think it would be sensible also for
it to be the default, so that the only thing necessary for a user to use tor is
to have tor installed and running.

In that scenario, wsers who care strongly that no data ever go outside of tor
can set --use-tor explicitly, and users who have tor installed but don't want
dirmngr to use it can set --no-use-tor. But the default would be to do the
sensible thing.

Details

Version
2.1.18

Revisions and Commits

Event Timeline

dkg added projects: dirmngr, Feature Request, gnupg.
dkg added a subscriber: dkg.

I think this is a good idea. If Tor is already running we can expect that the
user wants to use Tor as much as possible and thus tehre should be no need for
any configuration.

I do not think that we need a new option (except for making --no-use-tor). To
avoid checking for tor with every new connection to Dirmngr, I would do a test
at startup and after each reload.

I will do some rework to make testing for tor easier ....

Okay, that first part has been pushed. Now need to figure out how to test for
Tor in a clean way.

Thanks for this work (and sorry to have just blindly/wrongly assumed that
--no-use-tor already existed without checking it).

On modern debian systems, the default tor daemon will always be listening on
unix domain socket /run/tor/socks. So a simple attempt to connect to that
socket should be sufficient -- it should fail immediately if the socket isn't
present or if no one is listening on it.

This seems cheap and fast enough to be able to do it on every query to me,
rather than introducing additional runtime state to dirmngr. just try to
connect, and if it doesn't work, fall back to a normal connection (you'd want to
do that anyway in case the tor daemon goes away after dirmngr had been launched).

Using a socket conenction would require new code. We use the standard ports
instead. Sometimes the socks5 code (and I assume also the Unix domain socket
code) takes some time to figure out whether Tor is actually running, Thus this
is not done at every request.

Doing a check for every request would also require a lot of new code because we
need to restart a connection attempt at a higher layer. Similar to HTTP 301
handling.

werner raised the priority of this task from Normal to High.Apr 28 2017, 9:43 PM
werner moved this task from Backlog to gpg22 on the gnupg board.
werner edited projects, added gnupg (gpg22); removed gnupg.

Okay, I implemented the second part and Tor is now used if availabale.
--no-use-tor disables Tor.
--use-tor forces use Tor and can't be reset.

In the default auto mode a

gpgconf --reload dirmngr

is required to re-check for Tor availability.

En passant I fixed a regression due to the connect timeout which inhibited Tor from working.

FWIW, using a Debian specific thing is not portable and Unix sockets won't work on Windows. Thus using the standard localhost connection is simpler than adding extra complexity.