OS X Vidalia Bundle Thoughts

Posted October 29th, 2008 by phobos
in

A few weeks ago, I watched some non-technical OS X users attempt to install the Vidalia-Tor Bundle. Many of them tried to drag the installation package to Applications. A few were surprised it required an installation at all.

In Vidalia trunk I committed a different way to install Vidalia, Tor, and Polipo. In this new dmg, you just open it up and drag the Vidalia icon into Applications. You now have Tor, Vidalia, and Polipo pre-configured and running completely out of Applications. While this works well for users that never installed Tor/Vidalia before, it doesn't work so well for existing installations.

Is it smart to think users will un-install their existing Vidalia/Tor bundle before using the drag and drop installation method? My inclination is that it isn't smart. This installation method also removes the ability to automatically install Torbutton for Firefox.

In comparison, the current method is to ship a dmg which contains a metapackage. This metapackage contains a few scripts to run pre and post-installation, which do smart things to save current configurations, upgrade existing software binaries, and try to install Torbutton for Firefox. In general, this method has worked well for most users. I've heard from enough people to know they tried to drag and drop the metapackage into Applications at first, and when that didn't work, double-clicked the metapackage to start the installer.

I'm now leaning towards creating a Tor Browser Bundle for OS X; which can run out of the dmg or be installed via drag and drop. Much like the current Tor Browser Bundle (also, we should stop naming everything Tor), it would be self-contained and leave zero trace on the machine after closing.

Thoughts on ways to make the OS X install easier, ostensibly via drag and drop install? Or is the effort to create a TBB for OS X a better use of resources?

osx packages are very common

On October 30th, 2008 jan (not verified) said:

Many OSX apps get installed via a package. Just set your .dmg so that it contains a graphical hint to double-click and install.
Drag-and-drop apps do a similar thing adding a graphic display to instruct the user to move the app to Application folder.

what about privoxy?

On October 30th, 2008 Anonymous (not verified) said:

i've been using the vidalia bundle for a while on my mac, but it has privoxy installed (and starting up with the machine). if i install a new version of tor that uses polipo, what happens to my privoxy then?

hopefully, your privoxy is

On October 30th, 2008 Anonymous (not verified) said:

hopefully, your privoxy is replaced with polipo

Installers, while not

On October 30th, 2008 Erik Swanson (not verified) said:

Installers, while not uncommon, should be used only as a last resort when there is absolutely no way to have things run sensibly from within fully independent bundles. (An example of something that legitimately warrants the use of an installer would be the massive amount of code/resources shared among the apps in Adobe's creative suite.)

For Tor, ignoring the browser bundle option, I think the best route to go would be to redesign Vidalia as a .prefpane and include tor and polipo inside the bundle.
Preference panes are very user-friendly because double-clicking one opens it in System Preferences with the option of installing it on a per-user or system-wide basis. Uninstallation is also simple, as a user can remove a prefpane by control-clicking on it.

"Much like the current Tor

On November 4th, 2008 Anonymous (not verified) said:

"Much like the current Tor Browser Bundle (also, we should stop naming everything Tor), it would be self-contained and leave zero trace on the machine after closing."

I believe this would only work a) on OpenBSD or b) if you do not use swap or a pagefile.sys.

On OpenBSD, it can work because OpenBSD encrypts swap with highly volatile keys. That is, once the application is done using swap, the key is deleted, effectively deleted traces of the application in swap.
http://www.openbsd.org/papers/swapencrypt.ps
http://www.openbsd.org/papers/swapencrypt-slides.ps

In Linux, if you encrypt the swap partition (dm-crypt or loop-aes) with the random key option, it will at least choose a new random key each time the computer boots. So, as long as you remember to reboot the computer after use, this should be good enough.

All versions of OSX say they

On November 4th, 2008 Anonymous (not verified) said:

All versions of OSX say they encrypt swap files, but do not do so completely. strings your /var/vm/swapfile0 after opening Mail.app and notice all of the plaintext in there. I've opened a bug report for every version of OSX since 10.2 with this bug only to be ignored by Apple.

And yes, "secure vm" is

On November 4th, 2008 Anonymous (not verified) said:

And yes, "secure vm" is enabled in all cases.

Not all versions. I have

On November 9th, 2008 Anonymous (not verified) said:

Not all versions. I have Mac OS X 10.2.8, and and I can't find any swap encryption or secure virtual memory feature in the Preferences. (Incidentally, Tor doesn't work on Mac OS X 10.2.8 either. Any chance of fixing that? Well, at least JAP works, and I have another computer on which Tor does work.)

I believe the bug you mentioned can occur if you switch to using swap encryption after not using it. Things that were in swap before it got encrypted stay unencrypted, unless you take additional measures like overwriting swap with 0s or, better yet, randomness, before encrypting it. At least that's what I'd guess based on what I've read.

But I can't find any sort of technical description on the implementation. They obviously don't bother deleting what's already there. What about the keys? Is there just one key you have to type in every time you boot? (Unlikely, not user friendly, but that is the case for Windows users using Truecrypt to access a partition containing their pagefile.sys.) If that were the case, the information would not be deleted, just unavailable to anyone who does not know the password when the computer is shut off. Does it generate a random key at each boot, like Linux? This is quite likely, but then the information is still available until the computer is shut down and the key deleted. Or does it use highly volatile keys like OpenBSD? That would be great, but considering they didn't even bother to automatically overwrite the swap file with random data when a user switches to encrypted swap, I doubt they thought it through that carefully.

lack of jaguar/10.2.8 support

On November 10th, 2008 phobos said:

The main reason tor no longer works in jaguar/10.2.8 is because we lack a copy of the OS and machine capable of running it. Feel free to report bugs, even better if you've tried to compile tor and vidalia and can report those bugs.

Tor is a non-profit and can accept donations. (hint hint)

The build machine for panther is an old imac dv (g3 power and all). Dual booting OSXes may be possible, too.

I downloaded the source for

On November 17th, 2008 Anonymous (not verified) said:

I downloaded the source for 0.2.0.31, the latest stable version at the moment. ./configure worked fine, but make did not. Here is the output from make:

make all-recursive
Making all in src
Making all in common
source='log.c' object='log.o' libtool=no \
DEPDIR=.deps depmode=gcc /bin/sh ../../depcomp \
gcc -DHAVE_CONFIG_H -I. -I../.. -I../common -g -O2 -Wall -g -O2 -c log.c
./compat.h:276: undefined type, found `socklen_t'
cpp-precomp: warning: errors during smart preprocessing, retrying in basic mode
In file included from ./util.h:18,
from log.c:26:
./compat.h:276: parse error before "socklen_t"
make[3]: *** [log.o] Error 1
make[2]: *** [all-recursive] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

I have the same problem with Tor 0.2.1.7-alpha.

make all-recursive
Making all in src
Making all in common
source='address.c' object='address.o' libtool=no \
DEPDIR=.deps depmode=gcc /bin/sh ../../depcomp \
gcc -DHAVE_CONFIG_H -I. -I../.. -I../common -g -O2 -Wall -g -O2 -c address.c
compat.h:307: undefined type, found `socklen_t'
cpp-precomp: warning: errors during smart preprocessing, retrying in basic mode
In file included from address.c:15:
compat.h:307: parse error before "socklen_t"
make[3]: *** [address.o] Error 1
make[2]: *** [all-recursive] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

did you follow the

On November 18th, 2008 phobos said:

did you follow the directions for compiling on OSX? https://svn.torproject.org/svn/tor/trunk/doc/tor-osx-dmg-creation.txt

Thanks; it looks like

On December 2nd, 2008 nickm said:

Thanks; it looks like socklen_t was used before we defined a replacement for socklen_t for platforms that don't have one. I've checked fixes for 0.2.0.x and 0.2.1.x into the repository; does it build better for you now?

osx torbrowser would be

On November 7th, 2008 Anonymous (not verified) said:

osx torbrowser would be great! I currently use it often on wxp but would love to use it within osx.

TBB for osx

On November 10th, 2008 phobos said:

Yes, this is on the list to do. There is much research to figure out what and where updates are written to reflect usage of TBB on OS X. For what's committed to vidalia's svn, some minor tweaks to vidalia control code and you have an insecure TBB already.

Torbutton for Firefox 3

On December 1st, 2008 Andreas (not verified) said:

I tried to install the Torbutton and my Firefox 3 hanged. Is there any new version of torbutton planned or is a downgrade of Firefox neccessary?

Thanks a lot
Andreas

which torbutton version?

On December 1st, 2008 phobos said:

Which torbutton version did you attempt to install? Torbutton 1.2.0-fx works with FF3 just fine.

Tor Browser Bundle for Mac

On December 13th, 2008 Anonymous (not verified) said:

Yes, please! I recently downloaded the Vidalia bundle and installed it from the .dmg. The onion icon happily changes color and all seems to be humming along beautifully. Except... I don't know how to configure Firefox 3.0.4 so everybody plays nicely together. I considered replacing the whole shebang with the Tor Browser Bundle when I became aware it existed; alas, it's Windows. So, I'm almost there when almost isn't good enough. I'd happily buy a commercial version if it included a "Tor for Idiots" book. Meantime, any help would be appreciated.

installation difficulties on mac 10.5.2 and mac 10.3.9

On December 14th, 2008 Anonymous (not verified) said:

installation failure message at the last stage:post flight script. We need to install fairly quickly due to my wife being a journalist and I am a Psychologist. Please help. Dr. Baker

I bet it installed fine, and

On December 14th, 2008 Anonymous (not verified) said:

I bet it installed fine, and something unimportant failed to load.

I've had the same difficulty

On December 24th, 2008 Anonymous (not verified) said:

I've had the same difficulty (post flight script) installing the tor bundle with OS 10.5.5 and Firefox 3.0.5. Any update?

open a bug

On December 27th, 2008 phobos said:

open a bug at bugs.torproject.org. most likely, the installation completed fine but some sub-part of the postflight script failed. apple only has the binary ALL GOOD or ALL BAD status, so if anything produces an error, it's ALL BAD according to apple. In my testing, even with these ALL BAD reports, everything works fine.

Post new comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Copy the characters (respecting upper/lower case) from the image.