Dev/OnionShare
OnionShare in Whonix - Development Notes
Notes
- Qubes-Whonix™ users should consider creating a separate, cloned whonix-workstation-17-onionshare Template before installing OnionShare/flatpak.
- OnionShare from the Debian stable repository is suitable for most users. Flatpak can be utilized for later OnionShare versions; v2.4 is packaged at the time of writing. [1]
Install onionshare via flatpak.
1. Add a Flatpak repository.
A : Non-Qubes-Whonix
Already enabled by default (system-wide). No additional steps needed to enable the Flathub repository.
B : Qubes-Whonix Template (whonix-workstation-17)
Already enabled by default (system-wide). No additional steps needed to enable the Flathub repository.
C : Qubes-Whonix App Qube (anon-whonix)
The user needs to enable the Flathub repository. Must be enabled per-user.
2. Install the flatpak onionshare package.
B : Qubes-Whonix Template (whonix-workstation-17) [3]
Note: Advanced users who uninstalled the qubes-core-agent-passwordless-sudo package should see the forum thread "Warning: Flatpak system operation Deploy not allowed for user".
http_proxy=http://127.0.0.1:8082 https_proxy=$http_proxy flatpak install flathub onionshare
C : Qubes-Whonix App Qube (anon-whonix) [4]
flatpak --user remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
flatpak --user install flathub onionshare
3. Done.
The procedure of installing onionshare is complete.
4. Upgrades notice.
Note: this procedure will not keep the software up-to-date. How to update software installed by flatpak is also documented on the Operating System Software and Updates wiki page.
Issue
Flatpak-installed OnionShare does not listen on all network interfaces but on 127.0.0.1 only. It is therefore unreachable from Whonix-Gateway™. This is because the file /usr/share/anon-ws-base-files/workstation does not exist inside the Flatpak folder.
related: https://github.com/onionshare/onionshare/blob/develop/cli/onionshare_cli/web/web.py#L360_L364
Does the following help?
sudo mkdir /var/lib/flatpak/app/org.onionshare.OnionShare/current/active/files/share/anon-ws-base-files
sudo touch /var/lib/flatpak/app/org.onionshare.OnionShare/current/active/files/share/anon-ws-base-files/workstation
flatpak breaks application's Whonix detection #4640
Debugging
To see what is happening "under the hood" (Debian-package-installed OnionShare only; this does not work for the Flatpak-installed version):
uwtwrapper_verbose=1 onionshare
View listener.
netstat -tulpen
Should show Local Address 0.0.0.0, meaning listening on all interfaces, which is required in the case of Whonix so that onionshare running inside Whonix-Workstation™ can be reached from Whonix-Gateway. (As opposed to onionshare running on a host without Whonix, where it should listen on localhost 127.0.0.1 only.)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
[...]
tcp        0      0 0.0.0.0:17605           0.0.0.0:*               LISTEN      1000       30959      4009/python3
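The listener check described above, scripted as an added example (not part of the original notes or of OnionShare): it reads netstat -tulpen output and reports whether each TCP listener is bound to all interfaces or to loopback only, the symptom described under Issue. The function names and all sample lines other than the 0.0.0.0:17605 line are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify TCP listeners from `netstat -tulpen` output.

# Constructed sample; only the 0.0.0.0:17605 line comes from the page.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State  User Inode PID/Program name
tcp   0 0 0.0.0.0:17605   0.0.0.0:* LISTEN 1000 30959 4009/python3
tcp   0 0 127.0.0.1:17606 0.0.0.0:* LISTEN 1000 31002 4100/python3
tcp6  0 0 :::17607        :::*      LISTEN 1000 31050 4200/python3
udp   0 0 0.0.0.0:68      0.0.0.0:*        0    12000 500/dhclient
EOF
}

# Print "<port> <scope> <pid/program>" for each TCP socket in LISTEN state.
classify_listeners() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      port = $4; sub(/^.*:/, "", port)       # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
      if (host == "0.0.0.0" || host == "::")     scope = "all-interfaces"
      else if (host ~ /^127\./ || host == "::1") scope = "loopback"
      else                                       scope = "specific"
      print port, scope, $NF
    }'
}

# Exit 0 only if program "$1" has a listener bound to all interfaces,
# which is what Whonix-Gateway needs in order to reach the service.
reachable_from_gateway() {
  classify_listeners | awk -v prog="$1" '
    { split($3, p, "/") }
    p[2] == prog && $2 == "all-interfaces" { found = 1 }
    END { exit(found ? 0 : 1) }'
}

sample_netstat | classify_listeners
if sample_netstat | reachable_from_gateway python3; then
  echo "python3 listener reachable from Whonix-Gateway"
else
  echo "python3 listener is loopback-only"
fi
```

On a live Whonix-Workstation, pipe the real output in instead of the sample: netstat -tulpen | classify_listeners.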
uwt and bindp are no longer required since Whonix 16 (Debian bullseye based).
/usr/bin/onionshare.anondist-orig a
Footnotes
- ↑ https://flathub.org/apps/details/org.onionshare.OnionShare
- ↑ Non-Qubes-Whonix:
  - system-wide (requires administrative ("root") rights) (compatible with noexec): flatpak install flathub {{{package}}}
  - per-user (no administrative rights required) (probably not compatible with noexec): flatpak --user install flathub {{{package}}}
  - usability: Flathub is enabled by default system-wide but not per-user.
  - multi-user: On a multi-user system (probably if multiple human users use the same computer, which is rare nowadays), system-wide might be preferable as this saves disk space.
  - At present: Does not make any difference.
  - Future-proof: Per-user might be more future-proof. It would be compatible with future Whonix security improvements Dev/boot_modes (strong user account isolation). However, noexec for the home folder is to be considered later, at which point this documentation needs to be updated once that has been implemented.
- ↑ Qubes-Whonix Template: flatpak cannot be used with the --user option. This is because in case of using a Qubes Template, the flatpak needs to be installed system-wide into the /var/lib/flatpak folder. This is due to Qubes Persistence. If the --user option was used, the flatpak would only be available in the Template's home folder but not in any App Qube based on that Template, because App Qubes have their own independent home folder.
- ↑ Qubes-Whonix App Qube: flatpak should be used with the --user option. This is because in case of using an App Qube, the flatpak needs to be installed per-user only into the ~/.local/share/flatpak folder and not system-wide. This is due to Qubes Persistence. If the --user option was not used, the flatpak would only be available in the App Qube's non-persistent /var/lib/flatpak folder located in the root image.