
Pexo's Blog

A blog, where I, pexo, will post different things, at uncertain times about some topics.

The x makes it sound friendlier.


How to install Zeronet on QubesOS

on Aug 30, 2018

I've recently rebuilt my QubesOS setup and as part of that I have also remade my Zeronet setup. Since I was going to do it anyway, I decided to just write my steps down and post them here.

Requirements and assumptions

  • I'll be using the fedora 28 templateVM for the Zeronet templateVM. The basic procedure should be the same for older fedora versions, but can differ slightly, so be aware of that, should you want to use a different fedora template.

  • I'll also be assuming Qubes 4, but older Qubes versions shouldn't make much of a difference, at least as far as I'm aware of.

  • Anything in {curly braces} needs to be replaced by something.
    Example: tor-browser-linux64-{someversion}_en-US.tar.xz could be tor-browser-linux64-7.5.5_en-US.tar.xz or tor-browser-linux64-7.5.6_en-US.tar.xz.

Note from 09-24-2018

I have adjusted this guide to work with the new Tor Browser release (8.0). In addition to that, I have also included some scripts that make managing the Zeronet templateVM, specifically new Tor Browser versions or manual changes to it in the templateVM, more comfortable and easier to apply and work with in appVMs.

Installation

The Setup

  1. Open the Qubes manager and clone the fedora 28 templateVM. The name can be anything you want, I named it ZeronetTemplateVM.

  2. In the Qube Manager open the Qube Settings section for the VM you just cloned and set under networking any netVM that has internet access. I'd choose sys-whonix, since that forces all traffic in our installation process through Tor, as well.

  3. In the same window move to Applications and select Terminal and Firefox. You can also select other applications, but we only need Firefox and the terminal. You may need to press Refresh Applications before they appear.
    After you're done you can hit Apply and close the window.

  4. Start the VM and open Firefox and its terminal.

  5. In Firefox download:

    • The Zero Bundle from zeronet.io

    • The Tor Browser and its signature from torproject.org

  6. Now get the public key fingerprints from torproject.org and import them into gpg with:

    gpg --recv-keys {key1} {key2} {...}

    Note: At the time of this writing the command to get all keys is: gpg --recv-keys 0x4E2C6E8793298290 0xEB774491D9FF06E2 0xD1483FA6C3C07136, but times change and I STRONGLY discourage anyone from copying and pasting random signing keys from anywhere. I could claim just about anything I want and you wouldn't know, whether that really were the Tor Browser signing keys or I lied to you.

  7. Verify the signature of the Tor Browser. To do this:

    cd /home/user/Downloads/
    gpg --verify tor-browser-linux64-{someversion}_en-US.tar.xz.asc tor-browser-linux64-{someversion}_en-US.tar.xz

    Should the signature fail, redownload the Tor Browser and the signature and try again. Should it fail again, wait a day and then redownload the Tor Browser and the signature and try again. If it continues to fail, report what failed to torproject.org.
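
`gpg --verify` reports a good signature for any key that is present in the keyring, so the check in steps 6 and 7 is only as strong as the fingerprints you imported. The following added example (not part of the original post) parses gpg's machine-readable status output and accepts the download only when the signing key's primary fingerprint is one you pinned yourself; the function names, fingerprints and status lines in it are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the original post.
# Accept a detached signature only if gpg reports VALIDSIG from a key whose
# primary fingerprint is on a list you checked against torproject.org yourself.

# sig_signed_by STATUS_TEXT FPR...
# STATUS_TEXT is the output of `gpg --status-fd 1 --verify SIG FILE`.
# Returns 0 only when a VALIDSIG line names one of the pinned primary
# fingerprints and no BADSIG/ERRSIG/EXPKEYSIG/REVKEYSIG line is present.
sig_signed_by() {
    gpg_status=$1
    shift
    # Any failure indicator in the status output disqualifies the file.
    if printf '%s\n' "$gpg_status" |
        grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG) '; then
        return 1
    fi
    # The last field of VALIDSIG is the fingerprint of the primary key.
    primary=$(printf '%s\n' "$gpg_status" |
        awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }')
    [ -n "$primary" ] || return 1
    for pinned in "$@"; do
        # Normalise "0123 4567 ..." or lowercase input to plain uppercase hex.
        pinned=$(printf '%s' "$pinned" | tr -d ' ' | tr 'a-f' 'A-F')
        if [ "$primary" = "$pinned" ]; then
            return 0
        fi
    done
    return 1
}

# verify_download FILE SIG FPR...
# Runs gpg and applies the check above. Requires gpg and the imported keys.
verify_download() {
    file=$1
    sig=$2
    shift 2
    gpg_out=$(gpg --batch --status-fd 1 --verify "$sig" "$file" 2>/dev/null) || true
    sig_signed_by "$gpg_out" "$@"
}

# --- Constructed sample data (placeholders, not real Tor Project keys) ---
PINNED_FPR='0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567'

SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 76543210FEDCBA98 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2018-09-01 1535760000 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Cryptographically valid, but made by some other key in the keyring.
SAMPLE_OTHER_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1111111111111111 Someone Else <other@example.invalid>
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2018-09-01 1535760000 0 4 0 1 10 00 1111111111111111111111111111111111111111'

SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 76543210FEDCBA98 Constructed Signer <signer@example.invalid>'

for name in SAMPLE_GOOD SAMPLE_OTHER_KEY SAMPLE_BAD; do
    eval "sample=\$$name"
    if sig_signed_by "$sample" "$PINNED_FPR"; then
        echo "$name: accepted"
    else
        echo "$name: rejected"
    fi
done
```

On a real download, call `verify_download` with the archive, its `.asc` file and the full fingerprints you took from torproject.org.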

Installing Tor

  1. Give yourself root privileges in the terminal

    sudo -i

  2. Install Tor with:

    sudo dnf install tor

    Confirm that you want to install Tor and wait for the installation to finish.

  3. Now we need to configure Tor. We do this by editing the torrc file:

    sudo gedit /etc/tor/torrc

    Here you'll need to remove the # character in the lines that say CookieAuthentication 1 and ControlPort 9051.

    Note: The auth-cookie entry might appear in there multiple times. If you have no experience with editing the torrc file, just remove the # character from all instances.
    Note2: If one of them is not present anywhere in the file, type it in yourself and make sure that there isn't a # character anywhere before it on the same line.

    Now save and close gedit.

  4. We need to give the default user (named user) permission to read the Tor auth-cookie. If your default user is not user, change the word user in the command below to your default user name:

    sudo usermod -a -G toranon user

Starting Tor

For the next step we need Tor running, so open a new terminal window and run:

sudo runuser -u toranon tor

This will start the Tor instance.

Installing Zeronet

Now we can get to the installation of the Zero Bundle.

  1. Go back to your download directory(if you left it) and unpack the Zero Bundle with:

    cd /home/user/Downloads/
    tar xvf ZeroBundle-linux64.tar.gz

  2. Copy the unpacked folder into /usr/share:

    sudo cp -r ZeroBundle/ /usr/share/ZeroBundle

  3. Now we need to configure Zeronet, to do that we have to run Zeronet for the first time, so that it can download the newest version(make sure you are still in root terminal):

    cd /usr/share/ZeroBundle/
    ./ZeroNet.sh --version

    This will download the most recent Zeronet version and print out the version after it's done.
    Note: In the current version of Zeronet(Version: 0.6.3 r3576) you'll see an error here, you can run the command again and it should produce the expected output.

  4. Now, that the newest version has been downloaded, we can start Zeronet for real with:

    ./ZeroNet.sh --tor always

    If all downloads are finished, you can shut down Zeronet (either normally or by pressing ctrl+c in the terminal)

    Note: If Firefox doesn't open automatically, open it yourself, type 127.0.0.1:43110 in the url field and press enter.

  5. From here on out we don't need Tor running anymore, so in the terminal where Tor was running you can terminate its process (with ctrl+c) and close the window.

  6. Now we remove the generated data directory, since we won't be using it:

    cd ZeroNet/
    sudo rm -r data/

  7. After that, it is time to modify the config file. To do this run:

    sudo gedit zeronet.conf

    Remove anything, that is written in there and replace it with:

    [global]
    open_browser = False
    data_dir = /home/user/ZeronetData
    tor = always
    trackers_proxy = tor
    force_encryption
    disable_udp
    

    Explanation:

    • open_browser = False: Makes it so, that the main browser(Firefox) won't be opened each time Zeronet is started.

    • data_dir = /home/user/ZeronetData: This is the directory where all Zeronet data will be stored. You may change this to wherever you like.

    • tor = always: This forces Zeronet to make all connections through .onion addresses(the Tor network). If you want to enable connections to regular IP addresses replace always with enable, however if you do this you are no longer anonymous, meaning others can see your real IP-address in the network.

    • trackers_proxy = tor: This forces Zeronet to make all tracker connections through the Tor network.

    • force_encryption: This forces Zeronet only to connect to peers, that offer to encrypt the traffic.

    • disable_udp: Since Tor is set to always and all tracker connections are forced through Tor, allowing udp is pointless, since Tor only allows tcp connections.

    You can also add other options in there, if you want. Once you're done you can save and close gedit.

  8. Right now, the ZeroBundle folder is owned by root, so we need to change its ownership.

    sudo chown -R user:user /usr/share/ZeroBundle/
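
Both the torrc edit (a leftover # in front of ControlPort or CookieAuthentication) and the zeronet.conf edit (tor = enable instead of always, or a missing flag) fail silently, so it is worth checking the files after saving them. The script below is an added example, not part of the original post: the function names and sample files are constructed, and it only looks for the settings this guide itself lists.

```sh
#!/bin/sh
# Added example, not from the original post.
# Checks that the settings this guide relies on are active in torrc and
# in the [global] section of zeronet.conf.

# torrc_enabled FILE OPTION VALUE
# True when an uncommented "OPTION VALUE" line exists. Everything after '#'
# is a comment in torrc; option names are compared case-insensitively.
torrc_enabled() {
    awk -v opt="$2" -v val="$3" '
        { sub(/#.*/, "") }
        tolower($1) == tolower(opt) && $2 == val { found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# conf_value FILE KEY
# Prints the value of KEY in [global]. A bare flag (no "=") prints "set",
# a missing or commented-out key prints nothing.
conf_value() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_global = ($0 ~ /^[ \t]*\[global\][ \t]*$/); next }
        !in_global || /^[ \t]*$/ { next }
        {
            key = $0; sub(/[ \t]*=.*/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", key)
            if (key != want) next
            if (index($0, "=") == 0) { print "set"; exit }
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            print val; exit
        }' "$1"
}

finding() { echo "$1"; findings=$((findings + 1)); }

# audit_zeronet_node TORRC ZERONET_CONF
# Prints one line per problem and returns non-zero if there is any.
audit_zeronet_node() {
    torrc=$1; conf=$2; findings=0
    torrc_enabled "$torrc" ControlPort 9051 ||
        finding "torrc: ControlPort 9051 is missing or commented out"
    torrc_enabled "$torrc" CookieAuthentication 1 ||
        finding "torrc: CookieAuthentication 1 is missing or commented out"
    [ "$(conf_value "$conf" tor)" = "always" ] ||
        finding "zeronet.conf: tor is not 'always', clearnet peers are allowed"
    [ "$(conf_value "$conf" trackers_proxy)" = "tor" ] ||
        finding "zeronet.conf: trackers_proxy is not 'tor'"
    [ -n "$(conf_value "$conf" force_encryption)" ] ||
        finding "zeronet.conf: force_encryption is not set"
    [ -n "$(conf_value "$conf" disable_udp)" ] ||
        finding "zeronet.conf: disable_udp is not set"
    [ "$findings" -eq 0 ]
}

# write_samples DIR: constructed sample files, one good and one weak pair.
write_samples() {
    cat > "$1/good.torrc" <<'EOF'
ControlPort 9051   # uncommented as in step 3
CookieAuthentication 1
EOF
    cat > "$1/weak.torrc" <<'EOF'
#ControlPort 9051
CookieAuthentication 1
## CookieAuthentication 1
EOF
    cat > "$1/good.conf" <<'EOF'
[global]
open_browser = False
data_dir = /home/user/ZeronetData
tor = always
trackers_proxy = tor
force_encryption
disable_udp
EOF
    cat > "$1/weak.conf" <<'EOF'
[global]
open_browser = False
tor = enable
trackers_proxy = tor
force_encryption
# disable_udp
EOF
}

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
write_samples "$SAMPLE_DIR"
audit_zeronet_node "$SAMPLE_DIR/weak.torrc" "$SAMPLE_DIR/weak.conf" ||
    echo "=> weak sample rejected"
```

In the templateVM the real call would be `audit_zeronet_node /etc/tor/torrc /usr/share/ZeroBundle/ZeroNet/zeronet.conf`.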

Make Zeronet and Tor automatically start

Now we need to make Zeronet and Tor start together with the templateVM.
Note: We'll use init.d instead of /rw/config/rc.local, because /rw/config/rc.local is not inherited by any appVM that uses the Zeronet templateVM. One would therefore need to set up rc.local for each new Zeronet appVM, which is annoying and defeats the purpose of having a templateVM.

To have Zeronet and Tor start automatically, we:

  1. Go to init.d:

    cd /etc/init.d/

  2. Create our auto start script:

    sudo gedit start-zeronet

    In the appearing window paste:

    #!/bin/bash
    # chkconfig: 345 99 10
    # description: A script to start Zeronet and Tor at boot time.
    
    case "$1" in
     'start')
       ## Start Tor and save its PID ($! is the PID of the backgrounded runuser process)
       runuser -u toranon tor &
       tor_PID=$!
       echo "$tor_PID" > /home/user/.tor.pid
       ## Start Zeronet and save its PID
       runuser -u user /usr/share/ZeroBundle/ZeroNet.sh &
       zeronet_PID=$!
       echo "$zeronet_PID" > /home/user/.zeronet.pid
       ;;
     'stop')
       ## Get the PID for Zeronet, stop it and remove its PID file
       if [ -f /home/user/.zeronet.pid ] ; then
         zeronet_PID=$(</home/user/.zeronet.pid)
         kill "$zeronet_PID"
         rm /home/user/.zeronet.pid
       fi
       ## Get the PID for Tor, stop it and remove its PID file
       if [ -f /home/user/.tor.pid ] ; then
         tor_PID=$(</home/user/.tor.pid)
         kill "$tor_PID"
         rm /home/user/.tor.pid
       fi
       ;;
    esac
    

    Explanation:

    The script starts Zeronet and Tor as background processes and stores their process IDs (PIDs) in hidden files in the /home/user directory, as .zeronet.pid and .tor.pid.
    You can make modifications to this script as you see fit. Once you're done, you can save and exit gedit.

  3. Make the script executable with:

    sudo chmod +x start-zeronet

  4. Check whether or not the script is valid:

    sudo chkconfig --list start-zeronet

    If the script doesn't show up: Redo step 2. It is likely that you had a typo somewhere.

  5. Register the script with:

    sudo chkconfig --add start-zeronet

Installing the Tor Browser

Now we just need to install the Tor Browser and we are done.
To do this:

  1. Go back to the downloads directory and unpack the Tor Browser bundle:

    cd /home/user/Downloads
    tar -xvf tor-browser-linux64-{someversion}_en-US.tar.xz

  2. Move the Tor Browser to /usr/local/share and change the owner of the moved folder, to the default user:

    sudo mv tor-browser_en-US/ /usr/local/share/tor-browser_en-US/
    sudo chown -R user:user /usr/local/share/tor-browser_en-US/

  3. Now go there and run the Tor Browser for the first time (this will set the paths, in the inner workings of the Tor Browser, to the current location):

    cd /usr/local/share/tor-browser_en-US/
    sudo runuser -u user ./start-tor-browser.desktop

    You might be asked how you want to connect to Tor. If your government or ISP restricts your internet, follow the instructions on screen, otherwise press connect.

  4. You can now configure the Tor Browser however you want, but what you absolutely have to do in order for Zeronet to work is:

    1. Go into Preferences, under General, scroll down to Network Proxy and press the Settings... button. In the No Proxy for field add 127.0.0.1:43110 and then hit OK to close the window.

    2. Click the green onion button in the top left(or sometimes top right), press Security Settings... and move the slider all the way up(to safest). While doing this is not required in order for Zeronet to work, I strongly suggest doing it, since in Tor Browser version 8 the slider setting 'Standard' does barely anything to preserve your anonymity!

What I think is nice to have enabled(=you don't need to do this):

  1. Go into Preferences and under General change the homepage to 127.0.0.1:43110(this sets the homepage to the IP and port of the Zeronet ui-server)

  2. Go into Preferences and under General check Use autoscrolling. This enables autoscrolling(= the scroll thingy that appears, if you middle-mouse-click on most browsers).

  3. If you have a version of the Tor Browser that is 8 or above, you are not able to do this part and can skip it. If not, you are using an older version of the Tor Browser. Please keep in mind that it is strongly advised that you always use the latest available version. Old Tor Browser versions are considered insecure! Select the NoScript icon, click Options..., then Whitelist, put http://127.0.0.1:43110 in the Address of web site: text field and press the Allow button. You can then hit OK to save and close the window.

You can now close the Tor Browser and return to the terminal.

Now that we have configured our Tor Browser, we need to make it usable for appVMs and set up our templateVM for easy maintenance. To do this we need to copy our current (configured) Tor Browser to /usr/local.orig/share, since appVMs will, on their creation, copy all contents of their templateVM's /home.orig/ and /usr/local.orig to their /home/ and /usr/local/ directories. We need to have the normal user terminal for the next part. You can close the terminal and then reopen it or run exit to get back to the user terminal. After that, we:

  1. Make the directory:

    sudo mkdir /usr/local.orig/share/tor-browser_en-US/

  2. Copy the Tor Browser files over there (with sudo, since the new directory still belongs to root at this point):

    sudo cp -R /usr/local/share/tor-browser_en-US/Browser/ /usr/local.orig/share/tor-browser_en-US/Browser/
    sudo cp /usr/local/share/tor-browser_en-US/start-tor-browser.desktop /usr/local.orig/share/tor-browser_en-US/start-tor-browser.desktop

  3. And change the ownership of the directory:

    sudo chown -R user:user /usr/local.orig/share/tor-browser_en-US/

Now we need to tell Qubes that we have installed the Tor Browser, so that we can select it in the add/remove app shortcuts for this qube section of the Qubes manager. To do that, we need to copy the start-tor-browser.desktop file to a location that can be found by Qubes. In our case, we'll choose /usr/share/applications:

  1. We make a copy of start-tor-browser.desktop and place it into /usr/share/applications with:

    sudo cp /usr/local/share/tor-browser_en-US/start-tor-browser.desktop /usr/share/applications/start-tor-browser.desktop

  2. We then just need to adjust the permissions for the desktop file.

    sudo chmod 644 /usr/share/applications/start-tor-browser.desktop

And with that we are basically done with the templateVM, however there are a few things we can add, to make life easier for us later.

Making life easier

We do this by adding scripts that help in the templateVM, by:

  1. Starting the Tor Browser in the templateVM(same as using the Qubes shortcut)

  2. Making changes, made to the configuration to the Tor Browser in the templateVM, available to all appVMs that use that template.

  3. Restoring the Tor Browser configuration, that is available to all appVMs inside the templateVM.

In addition to that: One script that will help in the appVMs, by applying the Tor Browser configuration, that was made available through the templateVM.

Note: I will put all scripts in the /home/ directory as well as in the /usr/local/bin directory, so that you can quickly see what scripts there were and how they were called. You can run them as if they were a normal terminal command or by executing the script more explicitly with ./runSomething.sh.

In this section, we need to have a terminal with user permissions. To achieve that, you can either close the terminal and open a new one or run exit in your current terminal.

For script 1 we:

  1. Move to the /home/ directory
    cd /home/user/

  2. Create and open the file that contains our script:
    gedit runTemplateTorBrowser.sh

  3. Paste this script in there:

    #!/bin/sh
    cd /usr/local/share/tor-browser_en-US/
    ./start-tor-browser.desktop
    
  4. Save and close the file.

  5. Adjust permissions for the file
    sudo chmod 755 runTemplateTorBrowser.sh

  6. Copy it to /usr/local/bin, to have it available as a terminal command
    sudo cp runTemplateTorBrowser.sh /usr/local/bin/runTemplateTorBrowser

Moving on to script 2, we:

  1. Create and open the file that contains our script:
    gedit applyTemplateTorBrowser.sh
  2. Paste this script in there:

    #!/bin/sh
    rm -R /usr/local.orig/share/tor-browser_en-US/Browser/
    rm /usr/local.orig/share/tor-browser_en-US/start-tor-browser.desktop
    cp -R /usr/local/share/tor-browser_en-US/Browser/ /usr/local.orig/share/tor-browser_en-US/Browser/
    cp /usr/local/share/tor-browser_en-US/start-tor-browser.desktop /usr/local.orig/share/tor-browser_en-US/start-tor-browser.desktop
    
  3. Save and close the file.

  4. Adjust permissions for the file
    sudo chmod 755 applyTemplateTorBrowser.sh

  5. Copy it to /usr/local/bin, to have it available as a terminal command
    sudo cp applyTemplateTorBrowser.sh /usr/local/bin/applyTemplateTorBrowser

Then script 3:

  1. Create and open the file that contains our script:
    gedit revertTemplateTorBrowser.sh
  2. Paste this script in there:

    #!/bin/sh
    rm -R /usr/local/share/tor-browser_en-US/Browser
    rm /usr/local/share/tor-browser_en-US/start-tor-browser.desktop
    cp -R /usr/local.orig/share/tor-browser_en-US/Browser /usr/local/share/tor-browser_en-US/Browser
    cp /usr/local.orig/share/tor-browser_en-US/start-tor-browser.desktop /usr/local/share/tor-browser_en-US/start-tor-browser.desktop
    
  3. Save and close the file.

  4. Adjust permissions for the file
    sudo chmod 755 revertTemplateTorBrowser.sh

  5. Copy it to /usr/local/bin, to have it available as a terminal command
    sudo cp revertTemplateTorBrowser.sh /usr/local/bin/revertTemplateTorBrowser

    Now close all open windows and shut the VM down.

And finally for the appVM script, we:

  1. Move to the /home.orig/ directory
    cd /home.orig/user/
  2. Create and open the file that contains our script:
    gedit updateTorBrowser.sh
  3. Paste this script in there:

    #!/bin/sh
    rm -R /usr/local/share/tor-browser_en-US/Browser
    rm /usr/local/share/tor-browser_en-US/start-tor-browser.desktop
    cp -R /usr/local.orig/share/tor-browser_en-US/Browser /usr/local/share/tor-browser_en-US/Browser
    cp /usr/local.orig/share/tor-browser_en-US/start-tor-browser.desktop /usr/local/share/tor-browser_en-US/start-tor-browser.desktop
    
  4. Save and close the file.

  5. Adjust permissions for the file
    sudo chmod 755 updateTorBrowser.sh

  6. Copy it to /usr/local.orig/bin, to have it available as a terminal command in that appVM
    sudo cp updateTorBrowser.sh /usr/local.orig/bin/updateTorBrowser
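
Scripts 2, 3 and the appVM script all delete the destination first and copy afterwards, so a copy that fails halfway (full disk, missing source) leaves no usable Tor Browser behind. The following added example, which is not part of the original post, shows one helper that could replace the body of all three: it copies into a staging directory first and only then swaps it in. The function names and the sample directory tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# A copy-then-swap replacement for the rm/cp pairs in applyTemplateTorBrowser,
# revertTemplateTorBrowser and updateTorBrowser.

# sync_tor_browser SRC DST
# Replaces DST/Browser and DST/start-tor-browser.desktop with the ones in SRC.
# DST is left untouched if SRC is incomplete or the copy fails.
sync_tor_browser() {
    src=${1%/}
    dst=${2%/}
    if [ ! -d "$src/Browser" ] || [ ! -f "$src/start-tor-browser.desktop" ]; then
        echo "sync_tor_browser: $src is not a complete Tor Browser directory" >&2
        return 1
    fi
    if [ ! -d "$dst" ] || [ ! -w "$dst" ]; then
        echo "sync_tor_browser: $dst is missing or not writable" >&2
        return 1
    fi
    # Stage inside DST: the guide makes that directory owned by the user,
    # while its parent directory belongs to root.
    staging="$dst/.Browser.staging.$$"
    old="$dst/.Browser.old.$$"
    rm -rf "$staging" "$old"

    # 1. Copy first. Nothing in DST has been changed if this fails.
    if ! cp -R "$src/Browser" "$staging"; then
        rm -rf "$staging"
        return 1
    fi
    # 2. Swap with two renames inside the same directory.
    if [ -e "$dst/Browser" ] && ! mv "$dst/Browser" "$old"; then
        rm -rf "$staging"
        return 1
    fi
    if ! mv "$staging" "$dst/Browser"; then
        if [ -e "$old" ]; then mv "$old" "$dst/Browser"; fi
        rm -rf "$staging"
        return 1
    fi
    rm -rf "$old"
    # 3. The launcher file is small; copy it last.
    cp "$src/start-tor-browser.desktop" "$dst/start-tor-browser.desktop"
}

# The three scripts of this guide expressed with the helper (paths from the guide).
LIVE_COPY=/usr/local/share/tor-browser_en-US
TEMPLATE_COPY=/usr/local.orig/share/tor-browser_en-US
apply_template_tor_browser()  { sync_tor_browser "$LIVE_COPY" "$TEMPLATE_COPY"; }
revert_template_tor_browser() { sync_tor_browser "$TEMPLATE_COPY" "$LIVE_COPY"; }
update_tor_browser()          { sync_tor_browser "$TEMPLATE_COPY" "$LIVE_COPY"; }

# make_sample_trees DIR: constructed stand-ins for the real directories.
make_sample_trees() {
    mkdir -p "$1/template/Browser" "$1/appvm/Browser" "$1/broken"
    echo "constructed-new" > "$1/template/Browser/version"
    echo "[Desktop Entry]" > "$1/template/start-tor-browser.desktop"
    echo "constructed-old" > "$1/appvm/Browser/version"
    echo "local bookmark"  > "$1/appvm/Browser/bookmarks"
    echo "[Desktop Entry]" > "$1/appvm/start-tor-browser.desktop"
    # "$1/broken" has no Browser/ directory: an incomplete source.
}

# Demo on the constructed trees only; the real paths are not touched.
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
make_sample_trees "$DEMO_DIR"
if sync_tor_browser "$DEMO_DIR/broken" "$DEMO_DIR/appvm" 2>/dev/null; then
    echo "unexpected: incomplete source accepted"
else
    echo "incomplete source refused, appvm still has: $(cat "$DEMO_DIR/appvm/Browser/version")"
fi
if sync_tor_browser "$DEMO_DIR/template" "$DEMO_DIR/appvm"; then
    echo "after sync, appvm has: $(cat "$DEMO_DIR/appvm/Browser/version")"
fi
```

As with updateTorBrowser, anything that exists only in the destination's Browser directory (bookmarks, add-ons) is gone after a successful sync.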

Tasks

Creating a Zeronet appVM

Now you'll just need to create an appVM, in which you'll actually use Zeronet.
To do that:

  1. In Qubes select Create a new qube.

  2. Choose what you want to name it.

  3. Select appVM as the type.

  4. Take the Zeronet templateVM(the one we just made) as template and use whichever netVM you want.
    Note: Since we instructed Zeronet to make all connections through Tor, selecting sys-whonix would mean we go through Tor twice. The safest and fastest choice here would be to choose a VPN netVM, to catch any leaks or potential mistakes you make. Choosing sys-firewall as netVM is also alright, if you don't have to worry about leaks, mistakes on your end that may reveal your real IP, or your ISP knowing you use Tor.

  5. Click finish to continue.

  6. After the qube is created right click the VM and click add/remove app shortcuts.

  7. Select the Tor Browser and add any application you also want to have. Keep in mind that you may have to refresh the applications before the Tor Browser shows up there.
    Note: If you're only going to use this qube for Zeronet browsing, you don't need to select Firefox, since you're always going to use the Tor Browser to do that, anyway.

Updating Zeronet

To update Zeronet, you need to start the templateVM and the Tor Browser. You can do this by:

  • Pressing the Tor Browser icon in the Qubes shortcuts for the templateVM
  • Opening the terminal and running ./runTemplateTorBrowser.sh in the /home/user/ directory
  • Opening the terminal and running runTemplateTorBrowser

This will start the Tor Browser.
If you do this the first time, you'll see that Zeronet is downloading ZeroHello again, which makes sense, because we deleted the /usr/share/ZeroBundle/ZeroNet/data/ directory and specified a new data directory(inside the home folder) in the setup above.
Wait until Zeronet is finished downloading and then update Zeronet as you would always do:

  1. Clicking the three dots.

  2. Clicking Version{version}({rev}):{status}.

  3. Confirm the dialogue, that pops up by pressing Update ZeroNet{version}.

  4. Wait until the Connection with UiServer Websocket recovered. message appears.

After the update is done, you can shut down Zeronet and after that the templateVM as well. The Zeronet update is automatically applied on every appVM that has this templateVM as template.
Note: You also can visit and download http://127.0.0.1:43110/1UPDatEDxnvHDo7TXvq6AEBARfNkyfxsp/, before you update. This will cause all updates to be downloaded, using Zeronet itself.

Updating the Tor Browser in the templateVM

Before you do this: Read the Things to keep in mind section below!
To update the Tor Browser in the templateVM or change its configuration, you need to start the templateVM and the Tor Browser. You can do this by:

  • Pressing the Tor Browser icon in the Qubes shortcuts for the templateVM
  • Opening the terminal and running ./runTemplateTorBrowser.sh in the /home/user/ directory
  • Opening the terminal and running runTemplateTorBrowser

This will start the Tor Browser. Now you need to click the onion icon on the top left(sometimes top right) and select Check for Tor Browser Update.... The Tor Browser will now automatically update itself. If you also want to modify the Tor Browser configuration, you can do that now, too. After you are done, you can close the Tor Browser. Now, for your changes and the update to be available to the appVMs, you need to open the terminal and do one of these:

  • ./applyTemplateTorBrowser.sh in the /home/user/ directory
  • applyTemplateTorBrowser

If you made changes, that you changed your mind about, don't know how to reverse and haven't made them available yet(through the applyTemplateTorBrowser command), you can use one of these:

  • ./revertTemplateTorBrowser.sh in the /home/user/ directory
  • revertTemplateTorBrowser

to revert the Tor Browser inside the templateVM back to the configuration it had before. Specifically revertTemplateTorBrowser will revert the Tor Browser to the state after the last time applyTemplateTorBrowser has been used.
Note: This is not a full backup feature, just a nice thing that we can do, because our setup allows this. revertTemplateTorBrowser blindly replaces the Tor Browser in the templateVM with the contents of /usr/local/share/tor-browser_en-US/, this will not be an issue, if you only use the scripts above, but is something to keep in mind if you do/did some hands on stuff.

You can now shut the templateVM down. From this point on every newly created appVM will use the updated Tor Browser. For appVMs that were created before the update was made, you need to open them and, in their terminal, run one of these:

  • ./updateTorBrowser.sh in the /home/user/ directory

  • updateTorBrowser

This will apply the update on the Tor Browser in that appVM.
Note: Using updateTorBrowser will erase anything, that wasn't already in the Tor Browser inside the templateVM, for example bookmarks and add-ons. Make a backup of those before using that command!

Updating the Tor Browser in an appVM

Start the Tor Browser. Now click the green onion icon on the top left(sometimes top right) and select Check for Tor Browser Update.... The Tor browser will now automatically update itself. After it is done, you can restart the Tor Browser.

Updating the templateVM

Start the Qubes Manager, select the templateVM and press the Update qube system button (the blue downward pointing arrow).

Things to keep in mind

  • The Tor Browser is only inherited once, meaning that after you have created an appVM from the templateVM, the Tor Browser in that appVM will not be influenced by the templateVM, unless you run the updateTorBrowser script.
    In other words: Changes, that you make in the templateVM Tor Browser, will not be automatically on all appVMs, that have been created from the templateVM! The changes only automatically appear in appVMs that are created after the changes to the templateVM Tor Browser were made! For all other appVMs call one of these:
    • ./updateTorBrowser.sh in the /home/user/ directory
    • updateTorBrowser

15 Comments:

pexo on May 15, 2019

insurgo: Does this resolves the problematic?

I haven't tried it. Nofish himself said, that you should not use the new updater zite to update from 0.6.x to 0.7.x. Probably because it doesn't update pip libs and will, thus fail to restart once its done updating. It's really only meant to update from 0.7.x to 0.7.x+1

insurgo on May 15, 2019

pexo: Done!

All of my yes. Nevertheless py3 requires these dependencies.

Does this resolves the problematic?

insurgo on May 13, 2019

pexo: Done!

All of my yes. Nevertheless py3 requires these dependencies.

Received and read in diagonal. Well written with service creation included and everything. Never checked the content of packaged ZeroNet for linux, but you might want to propose things upstream?

pexo on May 13, 2019

insurgo: Can look into it. send it over ZeroMail :)

Done!

Avoid Third Party Package Managers
There are many third party package managers besides APT, however they lack the security safeguards that are standard in Debian. Popular examples are pip and node.js.

All of my yes. Nevertheless py3 requires these dependencies.

insurgo on May 13, 2019

pexo: It's not that, it works fine for normal templates. I already made a script that does an automated install on a freshly cloned fedora29 template. (I can send it to you, if you want to try it for yourself) It's something that Whonix does.

Honestly, I don't think they'll do. They are like pretty python-pip exclusive. The fact that so many even are in the OS repo is surprising to me considering that you'd not typically expect npm, cargo or maven(or whatever that java things was called) packages to be there either.

It isn't really unmaintained code, you'd just need to update it every once in a while.
I also just realized the Whonix wiki recommends installing ZeroNet to the appVM and not to the templateVM. I don't think that this is a good idea, an attacker exploiting a bug in ZeroNet shouldn't be able to permanently compromise your appVM (by adding some lines to a .py file in ZeroNet's installation directory, for example)

Can look into it. send it over ZeroMail :)
But that fits with what they say...https://www.whonix.org/wiki/Install_Software

Avoid Third Party Package Managers
"There are many third party package managers besides APT, however they lack the security safeguards that are standard in Debian. Popular examples are pip and node.js. The security concern with third party options is they do not verify the code comes from the author. When used, these package managers will run processes that pull untrusted code from the Internet and perform operations with root level permissions. If a trusted Workstation VM is required for sensitive use cases such as a Bitcoin wallet, then users should completely avoid this option. [3] [4] "

pexo on May 13, 2019

insurgo: Templates don't permit direct communications to internet by default. You could temporarily permit internet access in the template settings if I recall, but that would leave you with unmaintained libraries, which is not desirable.

It's not that, it works fine for normal templates. I already made a script that does an automated install on a freshly cloned fedora29 template. (I can send it to you, if you want to try it for yourself) It's something that Whonix does.

dependencies will make their way into Whonix repos

Honestly, I don't think they'll do. They are like pretty python-pip exclusive. The fact that so many even are in the OS repo is surprising to me considering that you'd not typically expect npm, cargo or maven(or whatever that java things was called) packages to be there either.

Not a fan of unmaintained code running into whonix-ws template and template dependent qubes.

It isn't really unmaintained code, you'd just need to update it every once in a while.

I also just realized the Whonix wiki recommends installing ZeroNet to the appVM and not to the templateVM. I don't think that this is a good idea, an attacker exploiting a bug in ZeroNet shouldn't be able to permanently compromise your appVM (by adding some lines to a .py file in ZeroNet's installation directory, for example)

insurgo on May 13, 2019

pexo: That's not what I meant. The python3 version adds quite a bit more dependencies to ZeroNet which the python package manager (pip) needs to install (see README on the py3 branch). However (by the looks of it) whonix blocks any connection pip tries to make to the internet, so the packages can't be downloaded and for some there isn't a packaged version available in the OS repo, base58 (in requirements.txt) for example. One way around this would be to manually download the packages and then install the local download with pip, but that seems somewhat too hacky for me to be practical (updating those will be annoying).

There is no pip-secure alternatives providing https?
Templates don't permit direct communications to internet by default. You could temporarily permit internet access in the template settings if I recall, but that would leave you with unmaintained libraries, which is not desirable.

I'm pretty sure dependencies will make their way into Whonix repos, with proper instructions, when upstreamed. Came across forum posts saying pip was not secure enough to be used on whonix a while ago but can't find it in my history right now.

For my part, i'm sticking to py2 until it is upstreamed and taken cared of properly. Not a fan of unmaintained code running into whonix-ws template and template dependent qubes.

pexo on May 13, 2019

insurgo: Right. The py3 branch has some conflicts and cannot be merged into master as it is today.

That's not what I meant. The python3 version adds quite a bit more dependencies to ZeroNet which the python package manager (pip) needs to install (see README on the py3 branch). However (by the looks of it) whonix blocks any connection pip tries to make to the internet, so the packages can't be downloaded and for some there isn't a packaged version available in the OS repo, base58 (in requirements.txt) for example. One way around this would be to manually download the packages and then install the local download with pip, but that seems somewhat too hacky for me to be practical (updating those will be annoying).

insurgo on May 13, 2019

tusiko: Thanks for the very detailed tutorial. I used Qubes for a long time but the actual version does not work on my laptop. Some system requirements are missing. I love Qubes and hope that I find at next a machine where I can install it again. Till then I am very happy with Arch Linux.

X230!!!! With Heads? as a firmware replacement?
https://github.com/osresearch/heads

insurgo on May 13, 2019

pexo: Didn't realize/forgot, that whonix had onion grater. But it seems to kill pip communication. Are there any instructions for getting the py3 version of zeronet working? https://github.com/HelloZeroNet/ZeroNet/tree/py3

insurgo: I may not use ZeroNet extensively enough to realize something was not working?

Right.
The py3 branch has some conflicts and cannot be merged into master as it is today.
So to use it, one would have to clone ZeroNet first:
cd ~/
git clone https://github.com/HelloZeroNet/ZeroNet.git ZeroNet_py3
cd ZeroNet_py3
git checkout py3

Then for subsequent uses:
cd ~/ZeroNet_py3/ && git pull origin && ./zeronet.py --tor always --fileserver_ip $(qubesdb-read /qubes-ip) & torbrowser http://127.0.0.1:43110

Note that as of today, py3 branch was updated 11 days ago.
py3 branch will be merged into master soon enough.

Meanwhile I still suggest users to use the py2 (main) branch:
cd ~/
git clone https://github.com/HelloZeroNet/ZeroNet.git
cd ~/ZeroNet/ && git pull origin && ./zeronet.py --tor always --fileserver_ip $(qubesdb-read /qubes-ip) & torbrowser http://127.0.0.1:43110

insurgo on May 13, 2019

pexo: Didn't realize/forgot, that whonix had onion grater. But it seems to kill pip communication. Are there any instructions for getting the py3 version of zeronet working? https://github.com/HelloZeroNet/ZeroNet/tree/py3

I may not use ZeroNet extensively enough to realize something was not working?

pexo on May 12, 2019

insurgo: Once having followed that, user can run once: git clone https://github.com/HelloZeroNet/ZeroNet.git Then before launching ZeroNet from its qube: cd ~/ZeroNet/ && git pull origin && ./zeronet.py --tor always --fileserver_ip $(qubesdb-read /qubes-ip)

Didn't realize/forgot, that whonix had onion grater.
But it seems to kill pip communication. Are there any instructions for getting the py3 version of zeronet working?
https://github.com/HelloZeroNet/ZeroNet/tree/py3

insurgo on May 09, 2019

insurgo: IMOHO, the proper way to do this is through a dedicated Qubes-Whonix WS qube, on which after having followed updated whonix zeronet instructions (As of May 2019: https://www.whonix.org/wiki/ZeroNet) permits publishing content exclusively through tor on hardened QubesOS-Whonix WS profile.
The onion-grater needs to be manually updated in the whonix-gw-14 profile as of today, but should be packaged and updated through repositories soon enough.
Crosslinking to this blog post for explanations http://127.0.0.1:43110/1DMb3CV66qZPwJqkgm4z12nu8BrAwDoD4g/?Post:9:Finally,+ZeroNet+works+under+QubesOS+to+host+Zites+in+Qubes-Whonix+Workstation!

Once having followed that, user can run once:
git clone https://github.com/HelloZeroNet/ZeroNet.git
Then before launching ZeroNet from its qube:
cd ~/ZeroNet/ && git pull origin && ./zeronet.py --tor always --fileserver_ip $(qubesdb-read /qubes-ip)

insurgo on May 09, 2019

IMOHO, the proper way to do this is through a dedicated Qubes-Whonix WS qube, on which after having followed updated whonix zeronet instructions (As of May 2019: https://www.whonix.org/wiki/ZeroNet) permits publishing content exclusively through tor on hardened QubesOS-Whonix WS profile.

The onion-grater needs to be manually updated in the whonix-gw-14 profile as of today, but should be packaged and updated through repositories soon enough.

Crosslinking to this blog post for explanations http://127.0.0.1:43110/1DMb3CV66qZPwJqkgm4z12nu8BrAwDoD4g/?Post:9:Finally,+ZeroNet+works+under+QubesOS+to+host+Zites+in+Qubes-Whonix+Workstation!

tusiko on Dec 29, 2018

Thanks for the very detailed tutorial. I used Qubes for a long time but the actual version does not work on my laptop. Some system requirements are missing. I love Qubes and hope that I find at next a machine where I can install it again. Till then I am very happy with Arch Linux.
