tb-updater do not populate home directory at first boot #2

Closed
marmarek opened this issue Mar 22, 2018 · 8 comments

@marmarek
Contributor

commented Mar 22, 2018

On Qubes 4.0, tor browser isn't copied into user home directory on first VM startup.
It is caused by this code:

done_file="$cache_folder/first-boot-home-population.done"
if [ -e "$done_file" ]; then
    exit 0
fi

The flag file is stored in /var/cache (which is shared between TemplateVM and TemplateBasedVMs), so if home directory is populated in the template itself (if for any reason check for being TemplateVM fails), then no further TemplateBasedVM will receive tor browser. Especially, this breaks DispVMs based on whonix-ws-dvm, because it tries to download tor browser at each start.

I'm not sure why check for TemplateVM fails, but regardless of investigating it, I propose moving flag file into user home (something that has the same persistence property as actual provisioned tor browser).
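
Added example (not part of the original thread or of tb-updater's code): a self-contained simulation of the failure described in the comment above, comparing a done-flag kept in the template-shared cache with one kept in the per-VM home. Temporary directories stand in for the template root and the private volume; the `.tb` path, the `tor-browser` directory name and the function names are assumptions.

```shell
#!/bin/sh
# Constructed simulation: directories under a temp dir stand in for the
# template root filesystem and for each VM's private home (/rw/home/user).

# populate_home ROOT HOME FLAG_LOCATION
# FLAG_LOCATION is "cache" (behaviour quoted in the issue) or "home" (proposal).
populate_home() {
    root=$1
    home=$2
    case $3 in
        cache) done_file="$root/var/cache/tb-updater/first-boot-home-population.done" ;;
        home)  done_file="$home/.tb/first-boot-home-population.done" ;;  # hypothetical path
        *)     return 2 ;;
    esac
    if [ -e "$done_file" ]; then
        return 0    # the flag says population already happened
    fi
    mkdir -p "$home/.tb" "$(dirname "$done_file")"
    cp -r "$root/var/cache/tb-binary/tor-browser" "$home/.tb/"
    touch "$done_file"
}

# simulate FLAG_LOCATION
# Prints "populated" or "missing" for a new TemplateBasedVM that boots after
# the population step has (wrongly) run once inside the template.
simulate() {
    work=$(mktemp -d) || return 1
    template="$work/template-root"
    mkdir -p "$template/var/cache/tb-binary/tor-browser" "$template/var/cache/tb-updater"
    echo "stub" > "$template/var/cache/tb-binary/tor-browser/start-tor-browser"

    # The TemplateVM check failed, so population ran in the template itself.
    populate_home "$template" "$work/template-home" "$1"

    # New TemplateBasedVM: root is a snapshot of the template, home is fresh.
    cp -r "$template" "$work/appvm-root"
    populate_home "$work/appvm-root" "$work/appvm-home" "$1"

    if [ -e "$work/appvm-home/.tb/tor-browser/start-tor-browser" ]; then
        result=populated
    else
        result=missing
    fi
    rm -rf "$work"
    echo "$result"
}
```

`simulate cache` reports `missing` because the flag travels with the template's `/var/cache`, while `simulate home` reports `populated` because the flag shares the persistence of the data it describes.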

@adrelanos

Member

commented Mar 25, 2018

Already existing:

https://github.com/Whonix/qubes-whonix/blob/master/usr/lib/qubes-bind-dirs.d/40_qubes-whonix.conf#L11

binds+=( '/var/cache/tb-updater' )

Why doesn't that work?

@marmarek

Contributor Author

commented Mar 26, 2018

For some reason it doesn't get mounted. bind-dirs log:

Mar 26 17:18:55 host mount-dirs.sh[318]: Bind mounting /rw/bind-dirs/var/spool/cron onto /var/spool/cron
Mar 26 17:18:55 host mount-dirs.sh[318]: Bind mounting /rw/bind-dirs/var/lib/tor onto /var/lib/tor
Mar 26 17:18:55 host mount-dirs.sh[318]: Bind mounting /rw/bind-dirs/var/lib/whonix onto /var/lib/whonix
Mar 26 17:18:55 host mount-dirs.sh[318]: Bind mounting /rw/bind-dirs/var/lib/whonixcheck onto /var/lib/whonixcheck
Mar 26 17:18:55 host mount-dirs.sh[318]: Bind mounting /rw/bind-dirs/var/cache/whonix-setup-wizard onto /var/cache/whonix-setup-wizard
Mar 26 17:18:55 host mount-dirs.sh[318]: Bind mounting /rw/bind-dirs/var/cache/anon-base-files onto /var/cache/anon-base-files
Mar 26 17:18:55 host mount-dirs.sh[318]: Bind mounting /rw/bind-dirs/etc/tor onto /etc/tor

Looks like /var/cache/tb-updater directory didn't exist at mount-dirs.sh call time (?!).

Anyway, this looks wrong. If /var/cache/tb-updater is bind-mounted to /rw, then cached tor browser will be (1) copied to /rw and (2) no further updates (of tb-updater package) will be visible to that VM. Not sure if (2) is problematic (probably not, because it is meant to be used once anyway), but (1) means tor browser will be in /rw twice - once in /rw/bind-dirs, and once in /user/home (/rw/home/user).

@marmarek

Contributor Author

commented Mar 27, 2018

The above isn't fully accurate. tb-updater saves downloaded TB into /var/cache/tb-binary, not /var/cache/tb-updater, so it won't be copied twice into /rw.
But this explains why /var/cache/tb-updater isn't there - it is created only at the end of first-boot-home-population, which is after bind-dirs are processed. This is why the bind-dirs don't work here.

This is still inconsistent, because if /var/cache/tb-updater wasn't initially there, it wasn't the reason for skipping first-boot-home-population.

Unfortunately, in the process of debugging this, I've fixed my whonix-ws-dvm (or whonix-ws?) and can no longer reproduce the problem. I'll check again after reinstall.

@adrelanos

Member

commented Mar 28, 2018

Folder /var/cache/tb-updater should exist because there is already existing file /var/cache/tb-updater/placeholder.

https://github.com/Whonix/tb-updater/blob/master/var/cache/tb-updater/placeholder

I'll be moving the done_file to the home folder. Dunno if that will fix the issue.

adrelanos added a commit that referenced this issue Mar 28, 2018
@adrelanos

Member

commented Mar 28, 2018

Previously I avoided writing to home folder since this can easily mess up file permissions.

8a923d9

@marmarek

Contributor Author

commented Mar 28, 2018

After rebuilding Whonix 13 template, it looks to be working (populating torbrowser in home directory). Probably I haven't whonix-ws template itself before, so it didn't populate home directory there.
But there is still no /var/cache/tb-updater/placeholder.

Oh, maybe you were talking about Whonix 14?

@adrelanos

Member

commented Mar 30, 2018

@adrelanos

Member

commented Apr 14, 2018

@adrelanos adrelanos closed this Jun 13, 2018

adrelanos pushed a commit that referenced this issue Jul 12, 2019
Merge pull request #2 from Whonix/master
Sync with upstream