Whonix 12 rinetd starting before qubes-whonix-postinit replace-ips

[qubesuser]

In Whonix 12 the systemd rinetd service is starting after qubes-whonix-postinit, which means it loads the configuration before replace-ips has replaced the 10.152.152.10 IP, which results in local ports being redirected there and thus Tor Browser and so on not working.

In the Whonix 11 template it seemed fine, although it might be by chance.

Looks like replace-ips should invoke "systemctl reload rinetd" and some systemd dependency constraints should be added.

There might be other services in addition to rinetd with the same issues.

[adrelanos]

Confirmed. I think it's happening by chance. A race condition. And a release critical bug.

See above referenced commit "added more comments to ease fixing".

These are all init scripts that matter...

• https://github.com/Whonix/qubes-whonix/blob/master/lib/systemd/system/qubes-whonix-firewall.service
• https://github.com/Whonix/qubes-whonix/blob/master/lib/systemd/system/qubes-whonix-network.service
• https://github.com/Whonix/qubes-whonix/blob/master/lib/systemd/system/qubes-whonix-postinit.service
• https://github.com/Whonix/qubes-whonix/blob/master/lib/systemd/system/qubes-whonix-sysinit.service

Please share your thoughts on any systemd unit file relation ships, After= and Before=.

qubes-whonix-postinit needs to run before rinetd, but also before Tor. And some others. Which ones should become clear by looking at the contents of the FILES variable in replace-ips script.

https://github.com/nrgaway/qubes-whonix/blob/master/usr/lib/qubes-whonix/replace-ips#L55-L79

If you have other suggestions, please have it going.

---

I also plan to refactor/simplify all the above systemd unit files and init stuff for Whonix 13.

Ideally we had static IPs. That would abolish the need for replace-ip's which has been discussed here:
#1143

[adrelanos]

Confirmed. I think it's happening by chance. A race condition. And a release critical bug.

See above referenced commit "added more comments to ease fixing".

These are all init scripts that matter...

• https://github.com/Whonix/qubes-whonix/blob/master/lib/systemd/system/qubes-whonix-firewall.service
• https://github.com/Whonix/qubes-whonix/blob/master/lib/systemd/system/qubes-whonix-network.service
• https://github.com/Whonix/qubes-whonix/blob/master/lib/systemd/system/qubes-whonix-postinit.service
• https://github.com/Whonix/qubes-whonix/blob/master/lib/systemd/system/qubes-whonix-sysinit.service

Please share your thoughts on any systemd unit file relation ships, After= and Before=.

qubes-whonix-postinit needs to run before rinetd, but also before Tor. And some others. Which ones should become clear by looking at the contents of the FILES variable in replace-ips script.

https://github.com/nrgaway/qubes-whonix/blob/master/usr/lib/qubes-whonix/replace-ips#L55-L79

If you have other suggestions, please have it going.

---

I also plan to refactor/simplify all the above systemd unit files and init stuff for Whonix 13.

Ideally we had static IPs. That would abolish the need for replace-ip's which has been discussed here:
#1143

[adrelanos]

The fix is in the Whonix testers repository.

Closeable.

[adrelanos]

The fix is in the Whonix testers repository.

Closeable.