Dev/OnionShare

From Whonix
< Dev
Jump to navigation Jump to search
OnionShare Logo

OnionShare in Whonix - Development Notes

Developers only! Risk of Tor over Tor!

Notes[edit]

  • Qubes-Whonix users should consider creating a separate, cloned whonix-workstation-17-onionshare Template before installing OnionShare/flatpak.
  • OnionShare from the Debian stable repository is suitable for most users. Flatpak can be utilized for later OnionShare versions; v2.4 is packaged at the time of writing. [1]

Flatpak OnionShare Installation[edit]

Install onionshare via flatpak.

1. Add a Flatpak repository.

A : Non-Qubes-Whonix

===

Non-Qubes-Whonix

Already enabled by default. (system-wide). No additional steps needed to enable the Flathub repository.

B : Qubes-Whonix Template

===

Qubes-Whonix Template (whonix-workstation-17)

Already enabled by default. (system-wide). No additional steps needed to enable the Flathub repository.

C : Qubes-Whonix App Qube

Qubes-Whonix App Qube (anon-whonix)

The user needs to Kicksecure logo Enable the Flathub Repository Onion Version . Must be enabled per-user.

2. Install the flatpak onionshare package.

A : Non-Qubes-Whonix

===

Non-Qubes-Whonix [2]

flatpak install flathub onionshare

B : Qubes-Whonix Template

===

Qubes-Whonix Template (whonix-workstation-17) [3]

Note: Advanced users that uninstalled the qubes-core-agent-passwordless-sudo package should see forum thread Warning: Flatpak system operation Deploy not allowed for userarchive.org.

http_proxy=http://127.0.0.1:8082 https_proxy=$http_proxy flatpak install flathub onionshare

C : Qubes-Whonix App Qube

Qubes-Whonix App Qube (anon-whonix) [4]

flatpak --user remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

flatpak --user install flathub onionshare

3. Done.

The procedure of installing onionshare is complete.

4. Upgrades notice.

Note: this procedure will not keep the software up-to-date. How to update installation installed by flatpak is also documented on the Operating System Software and Updates wiki page.

Issue[edit]

Flatpak installed OnionShare does not listen on all network interfaces but 127.0.0.1 only. It is therefore unreachable from Whonix-Gateway. This is because file /usr/share/anon-ws-base-files/workstation does not exist inside the Flatpak folder.

related: https://github.com/onionshare/onionshare/blob/develop/cli/onionshare_cli/web/web.py#L360_L364archive.org

Does the following help?

sudo mkdir /var/lib/flatpak/app/org.onionshare.OnionShare/current/active/files/share/anon-ws-base-files

sudo touch /var/lib/flatpak/app/org.onionshare.OnionShare/current/active/files/share/anon-ws-base-files/workstation

flatpak breaks application's Whonix detection #4640archive.org

Debugging[edit]

To see what's happening "under the hood". When using Debian package installed OnionShare version only. This does not work for Flatpak installed OnionShare version.

uwtwrapper_verbose=1 onionshare

View listener.

netstat -tulpen

Should show Local Address 0.0.0.0, meaning listening on all interfaces which is required in case of Whonix so onionshare running inside Whonix-Workstation can be reached from Whonix-Gateway. (As opposed to onionshare running on a host without Whonix where it should listen on localhost 127.0.0.1 onl.y

Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
[...]
tcp        0      0 0.0.0.0:17605           0.0.0.0:*               LISTEN      1000       30959      4009/python3

uwtarchive.org and bindparchive.org is no longer required since Whonix 16 (Debian bullseye based).

/usr/bin/onionshare.anondist-orig a

Footnotes[edit]

  1. https://flathub.org/apps/details/org.onionshare.OnionSharearchive.org
  2. Non-Qubes-Whonix:
    • system-wide (requires administrative ("root") rights) (compatible with noexec): flatpak install flathub {{{package}}}
    • per-user (no administrative rights required) (probably not compatible with noexec): flatpak --user install flathub {{{package}}}
    What is better? System-wide or per-user?
    • <>usability:</> Flathub is enabled by default system-wide but not per-user.archive.org
    • multi-user: On a multi-user system (probably if multiple human users use the same computer, which is rare nowadays), system-wide might be preferable as this saves disk space.
    • At preset: Does not make any difference.
    • Future-proof: Per-user might be more future-proof. It would be compatible with future Whonix security improvements Dev/user-sysmaint-split. However, noexec for the home folder is to be considered later, at which point this documentation needs to be updated once that has been implemented.
  3. Qubes-Whonix Template: flatpak cannot be used with the --user option. This is because in case of using a Qubes Template, the flatpak needs to be installed system-wide into the /var/lib/flatpak folder. This is due to Qubes Persistence. If the --user option was used, the flatpak would only be available in the Template's home folder but not in any App Qube based on that Template, because App Qubes have their own independent home folder.
  4. Qubes-Whonix App Qube: flatpak should be used with the --user option. This is because in case of using an App Qube, the flatpak needs to be installed per-user only into the ~/.local/share/flatpak folder and not system-wide. This is due to Qubes Persistence. If the --user option was not used, the flatpak would only be available in the App Qube's non-persistent /var/lib/flatpak folder located in the root image.

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!