Tails finish

2023-04-05 12:01:52 -07:00 · 2023-04-05 12:01:52 -07:00 · d3ebfb6643
parent 4953caae69
commit d3ebfb6643
4 changed files with 87 additions and 18 deletions
--- a/blog/2023-04-06-availability-and-profile-attributes.md
+++ b/blog/2023-04-06-availability-and-profile-attributes.md
@ -32,7 +32,7 @@ New in this nightly is the ability to notify your conversations that you are "Aw
 <figcaption></figcaption>
 </figure>

-Read more: [availability status](/docs/profiles/availability-status)
+Read more: [Availability Status](/docs/profiles/availability-status)

 ## Profile Attributes

@ -45,16 +45,16 @@ Also new is the ability to augment your profile with a few small pieces of **pub
 <figcaption></figcaption>
 </figure>

-Read more: [profile information](/docs/profiles/profile-info)
+Read more: [Profile Information](/docs/profiles/profile-info)
  
 ## Downloading the Nightly

-[Nightly builds](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. Download links for **2023-04-05-01-15-v1.11.0-6-g7748** are available below.
+[Nightly builds](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) are available from our build server. Download links for **2023-04-05-18-28-v1.11.0-7-g0290** are available below.

-* Windows: [https://build.openprivacy.ca/files/flwtch-win-2023-04-05-05-15-v1.11.0-6-g7748/](https://build.openprivacy.ca/files/flwtch-win-2023-04-05-05-15-v1.11.0-6-g7748/)
-* Linux: [https://build.openprivacy.ca/files/flwtch-2023-04-05-05-15-v1.11.0-6-g7748/](https://build.openprivacy.ca/files/flwtch-2023-04-05-05-15-v1.11.0-6-g7748/)
-* Max: [https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-01-15-v1.11.0-6-g7748/](https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-01-15-v1.11.0-6-g7748/)
-* Android: [https://build.openprivacy.ca/files/flwtch-2023-04-05-05-15-v1.11.0-6-g7748/](https://build.openprivacy.ca/files/flwtch-2023-04-05-05-15-v1.11.0-6-g7748/)
+* Windows: [https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-win-2023-04-05-18-28-v1.11.0-7-g0290/)
+* Linux: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)
+* Max: [https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-macos-2023-04-05-14-27-v1.11.0-7-g0290/)
+* Android: [https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/](https://build.openprivacy.ca/files/flwtch-2023-04-05-18-27-v1.11.0-7-g0290/)

 Please see the contribution documentation for advice on [submitting feedback](/docs/contribute/testing#submitting-feedback)

--- a/docs/platforms/tails.md
+++ b/docs/platforms/tails.md
@ -4,14 +4,14 @@ sidebar_position: 1

 # Running Cwtch on Tails

-:::caution Nightly Feature
+:::warning Nightly Feature

-This functionality is currently available in the [Nightly Release](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) builds of Cwtch.
+This functionality is currently **only** available in the [Nightly Release](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) builds of Cwtch.

-This functionality may be incomplete. Please help us to test and refine it.
+This functionality may be incomplete and/or dangerous if misused. Please help us to review, and test.
 :::

-The following steps requires that Tails has been launched with an [Administration password](https://tails.boum.org/doc/first_steps/welcome_screen/administration_password/).
+The following steps require that Tails has been launched with an [Administration Password](https://tails.boum.org/doc/first_steps/welcome_screen/administration_password/).

 Tails uses [Onion Grater](https://gitlab.tails.boum.org/tails/tails/-/blob/master/config/chroot_local-includes/usr/local/lib/onion-grater#L3) to guard access to the control port. We have packaged 
 an oniongrater configuration [`cwtch-tails.yml` ](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/linux/cwtch-tails.yml) and setup script (`install-tails.sh`) with Cwtch on Linux.
@ -27,7 +27,76 @@ The tails-specific part of the script is reproduced below:
        # Restart Onion Grater so the Config Takes effect
        sudo systemctl restart onion-grater.service

-When launching, Cwtch on Tails should be passed the `CWTCH_TAILS=true` environment variable to automatically configure Cwtch for running in a Tails-like environment. (The `cwtch.tails.sh` does this)
+When launching, Cwtch on Tails should be passed the `CWTCH_TAILS=true` environment variable to automatically configure Cwtch for running in a Tails-like environment:
+
+`exec env CWTCH_TAILS=true LD_LIBRARY_PATH=~/.local/lib/cwtch/:~/.local/lib/cwtch/Tor ~/.local/lib/cwtch/cwtch`
+
+:::info Install Location
+
+The above command, and the below onion grater configuration assume that Cwtch was installed in `~/.local/lib/cwtch/cwtch` - if Cwtch was installed somewhere else (or if you are running directly from the download folder) then you will need to adjust the commands.
+
+:::
+
+## Onion Grater Configuration
+
+The oniongrater configuration [`cwtch-tails.yml` ](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/branch/trunk/linux/cwtch-tails.yml) is reproduced below. As noted this configuration is can likely be restricted much
+further. 
+
+        ---
+		# TODO: This can likely be restricted even further, especially in regards to the ADD_ONION pattern
+		- apparmor-profiles:
+		    - '/home/amnesia/.local/lib/cwtch/cwtch'
+		  users:
+		    - 'amnesia'
+		  commands:
+		    AUTHCHALLENGE:
+		      - 'SAFECOOKIE .*'
+		    SETEVENTS:
+		      - 'CIRC WARN ERR'
+		      - 'CIRC ORCONN INFO NOTICE WARN ERR HS_DESC HS_DESC_CONTENT'
+		    GETINFO:
+		      - '.*'
+		    GETCONF:
+		      - 'DisableNetwork'
+		    SETCONF:
+		      - 'DisableNetwork.*'
+		    ADD_ONION:
+		      - '.*'
+		    DEL_ONION:
+		      - '.+'
+		    HSFETCH:
+		      - '.+'
+		  events:
+		    CIRC:
+		      suppress: true
+		    ORCONN:
+		      suppress: true
+		    INFO:
+		      suppress: true
+		    NOTICE:
+		      suppress: true
+		    WARN:
+		      suppress: true
+		    ERR:
+		      suppress: true
+		    HS_DESC:
+		      response:
+			- pattern:     '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
+			  replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
+			- pattern:     '650 HS_DESC UPLOAD (\S+) (\S+) .*'
+			  replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
+			- pattern:     '650 HS_DESC UPLOADED (\S+) (\S+) .+'
+			  replacement: '650 HS_DESC UPLOADED {} {} redacted'
+			- pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH'
+			  replacement: '650 HS_DESC REQUESTED {} NO_AUTH'
+			- pattern:     '650 HS_DESC REQUESTED (\S+) NO_AUTH \S+ \S+'
+			  replacement: '650 HS_DESC REQUESTED {} NO_AUTH redacted redacted'
+			- pattern:     '650 HS_DESC RECEIVED (\S+) NO_AUTH \S+ \S+'
+			  replacement: '650 HS_DESC RECEIVED {} NO_AUTH redacted redacted'
+			- pattern:     '.*'
+			  replacement: ''
+		    HS_DESC_CONTENT:
+		      suppress: true

 ## Persistence

--- a/docs/profiles/availability-status.md
+++ b/docs/profiles/availability-status.md
@ -4,11 +4,11 @@ sidebar_position: 14

 # Setting Availability Status

-:::caution Nightly Feature
+:::warning Nightly Feature

-This functionality is currently available in the [Nightly Release](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) builds of Cwtch.
+This functionality is currently **only** available in the [Nightly Release](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) builds of Cwtch.

-This functionality may be incomplete.
+This functionality may be incomplete and/or dangerous if misused. Please help us to review, and test.
 :::

 On the [conversations pane](https://docs.cwtch.im/docs/category/conversations) click the Status icon next to your profile picture.
--- a/docs/profiles/profile-info.md
+++ b/docs/profiles/profile-info.md
@ -4,11 +4,11 @@ sidebar_position: 15

 # Setting Profile Attributes

-:::caution Nightly Feature
+:::warning Nightly Feature

-This functionality is currently available in the [Nightly Release](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) builds of Cwtch.
+This functionality is currently **only** available in the [Nightly Release](https://docs.cwtch.im/docs/contribute/testing#cwtch-nightlies) builds of Cwtch.

-This functionality may be incomplete.
+This functionality may be incomplete and/or dangerous if misused. Please help us to review, and test.
 :::

 On the [profile management pane](/docs/profiles/introduction#manage-profiles) there are three free-form text fields below your profile picture.