Integrate SubGraph's "Tor Status" Gnome extension

[bnvk]

SubGraph has made a nice Gnome extension that notifies users of Tor activity and integrates with Gnome's network widgets, the code is packaged at gnome-shell-extension-torstatus. Since we're moving to Gnome, it only makes sense to look at integrating this into Qubes!

@adrelanos I know you were working on something similar that I gave you UX feedback on at 32c3. I'm not sure how different / far along with that you are, but it seems worth exploring / discussing this extension!

[adrelanos]

Did not look into subgraph yet, but there are some blockers.

We don't have any java script coders. [that I know that have can make up
time to work on this]

We don't yet have added [such kind of] third party packages if they are
not installable from official Debian repositories.

( https://www.whonix.org/wiki/Dev/Default_Application_Policy )

[adrelanos]

Did not look into subgraph yet, but there are some blockers.

We don't have any java script coders. [that I know that have can make up
time to work on this]

We don't yet have added [such kind of] third party packages if they are
not installable from official Debian repositories.

( https://www.whonix.org/wiki/Dev/Default_Application_Policy )

[bnvk]

@adrelanos i'm a javascript developer :) i'm sure this will be in the official Debian packages, just unsure of timeline. My reasoning for this:

• This already works and is shipped with SubGraph
• Providing nice GUI functionality + UI feeedback for Tor is utmost importance
• Using a Gnome extension is the correct way to do it in Gnome.

As per collaborative efforts between secure desktop projects- this seems like a waste of effort to duplicate this work, no?

[bnvk]

@adrelanos i'm a javascript developer :) i'm sure this will be in the official Debian packages, just unsure of timeline. My reasoning for this:

• This already works and is shipped with SubGraph
• Providing nice GUI functionality + UI feeedback for Tor is utmost importance
• Using a Gnome extension is the correct way to do it in Gnome.

As per collaborative efforts between secure desktop projects- this seems like a waste of effort to duplicate this work, no?

[adrelanos]

Okay. Sounds great!

It already has Debian packaging files in its Debian git branch. And
instructions to build a package in its readme. Next proposes steps.

Can you...

• install it on Whonix-Gateway and see how it goes? Then we'll see if
  there are any rough edges.
• submit it to Debian as ITP (intent to package) ticket and get it
  uploaded (through sponsorship) to Debian? Thereby you becoming the
  Debian maintainer?

-- Alternatively post a Debian RFP (request to package) ticket.
Hopefully - possibly - the Debian privacy tools packaging team would
take over maintenance in Debian. (
https://wiki.debian.org/Teams/PkgPrivacyMaintainers )

?

[adrelanos]

Okay. Sounds great!

It already has Debian packaging files in its Debian git branch. And
instructions to build a package in its readme. Next proposes steps.

Can you...

• install it on Whonix-Gateway and see how it goes? Then we'll see if
  there are any rough edges.
• submit it to Debian as ITP (intent to package) ticket and get it
  uploaded (through sponsorship) to Debian? Thereby you becoming the
  Debian maintainer?

-- Alternatively post a Debian RFP (request to package) ticket.
Hopefully - possibly - the Debian privacy tools packaging team would
take over maintenance in Debian. (
https://wiki.debian.org/Teams/PkgPrivacyMaintainers )

?

[bnvk]

• install it on Whonix-Gateway and see how it goes? Then we'll see if there are any rough edges.

Yep, will do so and report back!

• submit it to Debian as ITP (intent to package) ticket and get it uploaded (through sponsorship) to Debian? Thereby you becoming the Debian maintainer?

I have never done such a thing, but would be good to understand better the process. Curious, doesn't it make more sense the project creator to do this?

[bnvk]

• install it on Whonix-Gateway and see how it goes? Then we'll see if there are any rough edges.

Yep, will do so and report back!

• submit it to Debian as ITP (intent to package) ticket and get it uploaded (through sponsorship) to Debian? Thereby you becoming the Debian maintainer?

I have never done such a thing, but would be good to understand better the process. Curious, doesn't it make more sense the project creator to do this?

[adrelanos]

Brennan Novak:

I have never done such a thing, but would be good to understand better the process. Curious, doesn't it make more sense the project creator to do this?

It's nice if that happens to be the creator, but that's not at all a
requirement. Anyone can post ITP or RFP.

[adrelanos]

Brennan Novak:

I have never done such a thing, but would be good to understand better the process. Curious, doesn't it make more sense the project creator to do this?

It's nice if that happens to be the creator, but that's not at all a
requirement. Anyone can post ITP or RFP.

[h01ger]

Sometimes (and maybe, mostly) it's even better if the package maintainer is not the person being the upstream author. Conflict of interests and all that. (The subgraph os people writing gnome-shell-extension-torstatus might have different interests than the Debian maintainers which have different interests than the Fedora maintainers. And even if the different interests are mostly just: "I want it work everywhere" - "I only care about Debian" - "I only care about Fedora".

That's said, it's totally ok if upstream authors are Debian or Fedora maintainers too.

The easiest way to file a Debian ITP or RFP bug is: sudo apt install reportbug ; reportbug wnpp

This will guide you through filing such a bug.

If someone is going to do the packaging for this (look at other package gnome-shell extensions…) I'd be happy to review the packaging and sponsor the upload to Debian.

[h01ger]

Sometimes (and maybe, mostly) it's even better if the package maintainer is not the person being the upstream author. Conflict of interests and all that. (The subgraph os people writing gnome-shell-extension-torstatus might have different interests than the Debian maintainers which have different interests than the Fedora maintainers. And even if the different interests are mostly just: "I want it work everywhere" - "I only care about Debian" - "I only care about Fedora".

That's said, it's totally ok if upstream authors are Debian or Fedora maintainers too.

The easiest way to file a Debian ITP or RFP bug is: sudo apt install reportbug ; reportbug wnpp

This will guide you through filing such a bug.

If someone is going to do the packaging for this (look at other package gnome-shell extensions…) I'd be happy to review the packaging and sponsor the upload to Debian.

[adrelanos]

This ticket is being blocked by Add support for GNOME in dom0/GUI domain (#1806), right?

---

There is a binary package of gnome-shell-extension-torstatus. This is how you can obtain it:

Add to /etc/apt/sources.list.

deb https://devrepo.subgraph.com/subgraph aaron main

apt-get download gnome-shell-extension-torstatus

(Maybe gnome-shell-extension-ozshell is also related.)

---

I failed to find the subgraph os Debian source packages. Asked subgraph os developers about it:
https://secure-os.org/pipermail/desktops/2016-May/000118.html

---

When I look at https://pbs.twimg.com/media/CbB0R2VWIAEI2iY.png I think implementing this is more difficult. Because shutdown is up to dom0, Tor status up to sys-whonix, wifi settings up to sys-net.

Screenshots:

---

---

[adrelanos]

This ticket is being blocked by Add support for GNOME in dom0/GUI domain (#1806), right?

---

There is a binary package of gnome-shell-extension-torstatus. This is how you can obtain it:

Add to /etc/apt/sources.list.

deb https://devrepo.subgraph.com/subgraph aaron main

apt-get download gnome-shell-extension-torstatus

(Maybe gnome-shell-extension-ozshell is also related.)

---

I failed to find the subgraph os Debian source packages. Asked subgraph os developers about it:
https://secure-os.org/pipermail/desktops/2016-May/000118.html

---

When I look at https://pbs.twimg.com/media/CbB0R2VWIAEI2iY.png I think implementing this is more difficult. Because shutdown is up to dom0, Tor status up to sys-whonix, wifi settings up to sys-net.

Screenshots:

---

---

[marmarek]

When I look at https://pbs.twimg.com/media/CbB0R2VWIAEI2iY.png I think implementing this is more difficult. Because shutdown is up to dom0, Tor status up to sys-whonix, wifi settings up to sys-net.

We've talked about this with @bnvk and there is a way: provide a very simple "proxy" to NetworkManager in sys-net. Something that will look in dom0 as NetworkManager (export its dbus interface) and provide basic information about network connection. All advanced stuff (configuration etc) would still happen inside sys-net of course.
One needs to be very careful when implementing such thing to to expose dom0 to much, but it is doable.
Anyway, as you've said, this is blocked on #1806

[marmarek]

When I look at https://pbs.twimg.com/media/CbB0R2VWIAEI2iY.png I think implementing this is more difficult. Because shutdown is up to dom0, Tor status up to sys-whonix, wifi settings up to sys-net.

We've talked about this with @bnvk and there is a way: provide a very simple "proxy" to NetworkManager in sys-net. Something that will look in dom0 as NetworkManager (export its dbus interface) and provide basic information about network connection. All advanced stuff (configuration etc) would still happen inside sys-net of course.
One needs to be very careful when implementing such thing to to expose dom0 to much, but it is doable.
Anyway, as you've said, this is blocked on #1806

[marmarek]

Related to #2135

[marmarek]

Related to #2135