Prepare Bisq

bisq/40_bisq.yml

@@ -0,0 +1,82 @@
+## Copyright (C) 2018 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
+## See the file COPYING for copying conditions
+
+#### meta start
+#### project Whonix
+#### category tor-control
+#### description
+## Shipped but not enabled by default onion-grater profile.
+#### meta end
+
+---
+- exe-paths:
+    - '*'
+  users:
+    - '*'
+  hosts:
+    - '*'
+  commands:
+    GETINFO:
+      - pattern:       'status/bootstrap-phase'
+        response:
+          - pattern:     '250-status/bootstrap-phase=*'
+            replacement: '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"'
+    SETEVENTS:
+      - 'CIRC ORCONN INFO NOTICE WARN ERR HS_DESC HS_DESC_CONTENT'
+    ADD_ONION:
+      - pattern:     'NEW:(\S+) Port=9999,(\S+)'
+        replacement: 'NEW:{} Port=9999,{client-address}:{}'
+      - pattern:     '(\S+):(\S+) Port=9999,(\S+)'
+        replacement: '{}:{} Port=9999,{client-address}:{}'
+    DEL_ONION:
+      - '.+'
+    HSFETCH:
+      - '.+'
+
+    ## Bisq 2
+    SETCONF:
+      - pattern:       'DisableNetwork.*'
+        response:
+          - pattern:     '250 DisableNetwork=.*'
+            replacement: '250 DisableNetwork=0'
+  events:
+    ## Bisq 2
+    SIGNAL:
+      suppress: true
+
+    CIRC:
+      suppress: true
+    ORCONN:
+      suppress: true
+    INFO:
+      suppress: true
+    NOTICE:
+      suppress: true
+    WARN:
+      suppress: true
+    ERR:
+      suppress: true
+    HS_DESC:
+      response:
+        - pattern:     '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
+          replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
+        - pattern:     '650 HS_DESC UPLOAD (\S+) (\S+) .*'
+          replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
+        - pattern:     '650 HS_DESC UPLOADED (\S+) (\S+) .+'
+          replacement: '650 HS_DESC UPLOADED {} {} redacted'
+        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH'
+          replacement: '650 HS_DESC REQUESTED {} NO_AUTH'
+        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH \S+ \S+'
+          replacement: '650 HS_DESC REQUESTED {} NO_AUTH redacted redacted'
+        - pattern:     '650 HS_DESC RECEIVED (\S+) NO_AUTH \S+ \S+'
+          replacement: '650 HS_DESC RECEIVED {} NO_AUTH redacted redacted'
+        - pattern:     '.*'
+          replacement: ''
+    HS_DESC_CONTENT:
+      suppress: true
+      ## TODO: Bisq 2
+      #STATUS_CLIENT:
+      #suppress: false
+      ## TODO: Bisq 2
+      #STATUS_SERVER:
+      #suppress: false

bisq/assets/bisq.yml

@@ -0,0 +1,53 @@
+---
+- apparmor-profiles:
+    - '/opt/bisq/bin/Bisq'
+  users:
+    - 'amnesia'
+  commands:
+    AUTHCHALLENGE:
+      - 'SAFECOOKIE .*'
+    SETEVENTS:
+      - 'CIRC WARN ERR'
+      - 'CIRC ORCONN INFO NOTICE WARN ERR HS_DESC HS_DESC_CONTENT'
+    GETINFO:
+      - 'net/listeners/socks'
+    ADD_ONION:
+      - pattern:     'NEW:(\S+) Port=9999,(\S+)'
+        replacement: 'NEW:{} Port=9999,{client-address}:{}'
+      - pattern:     '(\S+):(\S+) Port=9999,(\S+)'
+        replacement: '{}:{} Port=9999,{client-address}:{}'
+    DEL_ONION:
+      - '.+'
+    HSFETCH:
+      - '.+'
+  events:
+    CIRC:
+      suppress: true
+    ORCONN:
+      suppress: true
+    INFO:
+      suppress: true
+    NOTICE:
+      suppress: true
+    WARN:
+      suppress: true
+    ERR:
+      suppress: true
+    HS_DESC:
+      response:
+        - pattern:     '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
+          replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
+        - pattern:     '650 HS_DESC UPLOAD (\S+) (\S+) .*'
+          replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
+        - pattern:     '650 HS_DESC UPLOADED (\S+) (\S+) .+'
+          replacement: '650 HS_DESC UPLOADED {} {} redacted'
+        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH'
+          replacement: '650 HS_DESC REQUESTED {} NO_AUTH'
+        - pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH \S+ \S+'
+          replacement: '650 HS_DESC REQUESTED {} NO_AUTH redacted redacted'
+        - pattern:     '650 HS_DESC RECEIVED (\S+) NO_AUTH \S+ \S+'
+          replacement: '650 HS_DESC RECEIVED {} NO_AUTH redacted redacted'
+        - pattern:     '.*'
+          replacement: ''
+    HS_DESC_CONTENT:
+      suppress: true

bisq/assets/exec.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+persistence_dir="/home/amnesia/Persistent"
+base_dir="${persistence_dir}/bisq}"
+data_dir="${base_dir}/Bisq"
+
+# Check if Bisq is already installed and configured
+if [ ! -f "/opt/bisq/bin/Bisq" ] || [ ! -f "/etc/onion-grater.d/bisq.yml" ]; then
+  echo_blue "Installing Bisq and/or configuring system..."
+  pkexec ./install.sh
+else
+  echo_blue "Bisq is already installed and configured."
+fi
+
+ln -s $data_dir /home/amnesia/.local/share/Bisq
+/opt/bisq/bin/Bisq --torControlPort 951 --torControlCookieFile=/var/run/tor/control.authcookie --torControlUseSafeCookieAuth

bisq/assets/install.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Function to print messages in blue
+echo_blue() {
+  echo -e "\033[0;34m$1\033[0m"
+}
+
+# Function to print error messages in red
+echo_red() {
+  echo -e "\033[0;31m$1\033[0m"
+}
+
+
+persistence_dir="/home/amnesia/Persistent"
+binary_name="Bisq-64bit-${VERSION}.deb"
+
+# Check if variables are already set, otherwise default them
+: ${VERSION:="1.9.15"}
+: ${persistence_dir:="/home/amnesia/Persistent"}
+: ${base_dir:=${persistence_dir}/bisq}
+: ${bisq_installer:="${base_dir}/Bisq-64bit-${VERSION}.deb"}
+
+# Check if the Bisq installer exists
+if [ ! -f "${bisq_installer}" ]; then
+  echo_red "Bisq installer not found at ${bisq_installer}."
+  exit 1
+fi
+
+# Install Bisq
+echo_blue "Installing Bisq..."
+dpkg -i "${bisq_installer}" || { echo_red "Failed to install Bisq."; exit 1; }
+
+# Change access rights for Tor control cookie
+echo_blue "Changing access rights for Tor control cookie..."
+chmod o+r /var/run/tor/control.authcookie || { echo_red "Failed to change access rights for Tor control cookie."; exit 1; }
+
+# Assume bisq.yml is in the same directory as the script, or adjust the path accordingly
+BISQ_CONFIG_FILE="$(dirname "$0")/bisq.yml"
+
+# Copy bisq.yml configuration file
+echo_blue "Copying bisq.yml to /etc/onion-grater.d/..."
+cp "${BISQ_CONFIG_FILE}" /etc/onion-grater.d/bisq.yml || { echo_red "Failed to copy bisq.yml."; exit 1; }
+
+# Restart onion-grater service
+echo_blue "Restarting onion-grater service..."
+systemctl restart onion-grater.service || { echo_red "Failed to restart onion-grater service."; exit 1; }
+
+echo_blue "Bisq installation and configuration complete."

bisq/bisq.md

@@ -0,0 +1,91 @@
+
+
+```shell
+ln -s /home/amnesia/Persistent/bisq/Bisq /home/amnesia/.local/share/Bisq
+
+/opt/bisq/bin/Bisq --torControlPort 9052 --torControlCookieFile=/var/run/tor/control.authcookie --torControlUseSafeCookieAuth
+```
+
+
+---
+layout: page
+title: Bisq
+nav_order: 40
+---
+
+## Bisq
+{: .no_toc }
+
+## Table of contents
+{: .no_toc .text-delta }
+
+1. TOC
+   {:toc}
+
+---
+### Overview
+
+[Bisq] is and open-source desktop software, Bisq provides a peer to peer bitcoin exchange experience. Buy and sell bitcoin for fiat (or other cryptocurrencies) privately and securely using Bisq's peer-to-peer network.
+
+![bisq.png](bisq.png)
+
+{: .note }
+Bisq Data directory is relocated to the Persistent Storage, so that your wallet, keys, etc. are not lost every time Tails shuts down.  
+
+
+---
+### Install Bisq
+
+* Make sure **Tails Autostart** utility has been installed. See [Tails Autostart].
+
+
+* Open a _Terminal_ window:  choose **Applications ▸ Utilities ▸ Terminal**
+
+
+* Clone Run-on-Tails GitHub repository:
+```shell
+$ cd ~/Downloads
+$ git clone https://github.com/dutu/run-on-tails.git
+```
+
+
+* Setup Bisq installation:
+  ```shell
+  $ chmod +x ./run-on-tails/bisq/setup-installation.sh 
+  $ ./run-on-tails/flatpak/setup-installation.sh 
+  ```
+  * Wait for the message `Bisq installation setup completed successfully.`
+
+
+---
+### How to use it
+
+  * Choose **Applications ▸ Other ▸ Bisq**
+
+  {: .note }
+  Bisq Data directory is relocated to the Persistent Storage, so that your wallet, keys, etc. are not lost every time Tails shuts down.  
+  On the other hand, Bisq application installation is done entirely in memory. Therefore, Bisq must be reinstalled after every boot.
+  The installation is done automatically when you launch Bisq through the desktop menu icon.
+
+---
+### Remove Bisq
+
+* Open a _Terminal_ window:  choose **Applications ▸ Utilities ▸ Terminal**
+
+
+* Remove persistent configuration:
+  ```shell
+  $ dotfiles_dir="/live/persistence/TailsData_unlocked/dotfiles"
+  $ rm $dotfiles_dir/.config/autostart/amnesia.d/flatpak-setup-persistent-apps.sh
+  $ persistence_dir="/home/amnesia/Persistent"
+  $ rm -fr $persistence_dir/flatpak/utils 
+  ```
+
+* Remove flatpak package:
+  ```shell
+  $ sudo apt remove flatpak
+  ```
+
+---
+[Bisq]: https://bisq.network/
+[Tails Autostart]: ../tails-autostart/tails-autostart.html

bisq/config-persistence.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+
+# Function to print messages in blue
+echo_blue() {
+  echo -e "\033[0;34m$1\033[0m"
+}
+
+# Function to print error messages in red
+echo_red() {
+  echo -e "\033[0;31m$1\033[0m"
+}
+
+# Define common environment variables
+VERSION="1.9.15"
+persistence_dir="/home/amnesia/Persistent"
+dotfiles_dir="/live/persistence/TailsData_unlocked/dotfiles"
+persistent_desktop_dir="$dotfiles_dir/.local/share/applications"
+
+# Check if Bisq is already installed
+if [ -f "/opt/bisq/bin/Bisq" ]; then
+  echo_red "Bisq is already installed, please reboot Tails..."
+  exit 1
+fi
+
+echo_blue "Creating persistent directory for Bisq..."
+mkdir -p $persistence_dir/bisq || { echo_red "Failed to create directory $persistence_dir/bisq"; exit 1; }
+
+# Copy utility files to persistent storage and make scripts executable
+echo_blue "Copying bisq utility files to persistent storage..."
+assets_dir=$(dirname "$0")/assets
+rsync -av $assets_dir/ $persistence_dir/bisq/utils/ || { echo_red "Failed to rsync files to $persistence_dir/bisq/utils"; exit 1; }
+find $persistence_dir/bisq/utils -type f -name "*.sh" -exec chmod +x {} \; || { echo_red "Failed to make scripts executable"; exit 1; }
+
+
+# Location and filenames for the download
+url_base="https://bisq.network/downloads/v${VERSION}"
+binary_name="Bisq-64bit-${VERSION}.deb"
+signature_name="${binary_name}.asc"
+
+# The public GPG key URL
+gpg_key_url="https://bisq.network/pubkey/E222AA02.asc"
+
+# Download Bisq binary
+echo_blue "Downloading Bisq version ${VERSION}..."
+wget -q "${url_base}/${binary_name}" || { echo_red "Failed to download Bisq binary."; exit 1; }
+
+# Download Bisq signature file
+echo_blue "Downloading the Bisq signature..."
+wget -q "${url_base}/${signature_name}" || { echo_red "Failed to download Bisq signature."; exit 1; }
+
+# Import the Bisq signing key
+echo_blue "Importing the GPG key..."
+wget -qO- "${gpg_key_url}" | gpg --import || { echo_red "Failed to import GPG key."; exit 1; }
+
+# Verify the downloaded binary with the signature
+echo_blue "Verifying the signature of the downloaded file..."
+OUTPUT=$(gpg --digest-algo SHA256 --verify "${signature_name}" "${binary_name}" 2>&1)
+
+if echo "$OUTPUT" | grep -q "Good signature from"; then
+  echo_blue "Bisq has been successfully verified."
+  # Move the binary and its signature to the persistent directory
+  mkdir -p "${persistence_dir}/bisq"
+  mv "${binary_name}" "${signature_name}" "${persistence_dir}/bisq/"
+  echo_blue "Files moved to ${persistence_dir}/bisq/"
+else
+  echo_red "Signature verification failed. Please check the following output for details:"
+  echo_red "$OUTPUT"
+  exit 1
+fi
+
+echo_blue "Bisq installation setup completed successfully."