Tails and unrecognized path errors about xmpp-client HOT 10 CLOSED

The "custom" import path like golang.org/x/... used by xmpp-client where only introduced in Go 1.4. (https://golang.org/doc/go1.4#canonicalimports), so ideally you could use a go version 1.4 (e.g. from Debian experimental or from http://golang.org/doc/install). The installation instructions need to be updated here.

Otherwise it might work to change all occurrences of "golang.org/x/crypto*" in xmpp-client to "github.com/golang/crypto/*", but that is a workaround hack at best and will break if the imported packages use a custom import path internally.

from xmpp-client.

I will try to produce new working instructions for Tails, but won't have a chance to test anything using Tails today.

What should work even on Tails is to build your own Go from the github.com sources (given that you already have to trust https://github.com for the xmpp-client sources.)

$ cd ~/Persistent
$ sudo apt-get install gcc libc6-dev libc6-dev-i386
$ git clone https://github.com/golang/go.git
$ cd go && git checkout go1.4.1
$ cd src && ./all.bash

$ cd ~/Persistent
$ mkdir g && export GOPATH=~/Persistent/g
$ go get github.com/agl/xmpp-client
$ ~/Persistent/g/bin/xmpp-client

GOPATH isn't needed to start xmpp-client and you don't need to put the go repository into ~/Persistent if you are only interested in installng xmpp-client once. mercurial isn't needed anymore.

from xmpp-client.

Following the readme instructions but using Go in experimental (1.4.1) still produces the same errors.

from xmpp-client.

This is caused by Tails 1.3 not including an HTTP proxy anymore, which is how go get used to be able to get online in Tails.

Apparently "unrecognized import path" is the go get command's helpful way of saying "Connection refused" (in this case).

While investigating this, I noticed that go get actually falls back to HTTP when HTTPS connections fail (!!!) so it appears that go get isn't actually a safe command to run over tor (or any untrusted network).

See also Pond's ticket about this issue: agl/pond#169

from xmpp-client.

This is strange. I completely missed Tails removing a http proxy. This isn't listed in the release notes https://tails.boum.org/news/version_1.3/index.en.html.

Also, can somebody who knows about Go in Debian, explain to me, how Debian's version 1.3 Go knows about the vanity import paths? Was this feature actually added earlier in is present in Go 1.3 already?

torsocks go get should still work though. Shouldn't it? (I one ignores the https vs http problem.)

from xmpp-client.

torsocks go get should still work though. Shouldn't it? (I one ignores the https vs http problem.)

I think torsocks doesn't work because go get needs to send an HTTPS(fallback to HTTP) request with ?go-get=1 for any imports from domains without hardcoded behavior (as described in the go get documentation) but then later it runs git which Tails has already configured to use Tor via torsocks. Running git under torsocks under go get under torsocks fails because the outer torsocks doesn't allow the inner torsocks to connect to localhost. Running go get under torsocks would probably work if you removed Tails' git config. The Tails ticket about using git with torsocks might be informative.

I'm currently looking in to ways to run go get "safely" over Tor. I think using Tor's RejectPlaintextPorts option to deny all port 80 connections is probably the easiest way. I'm reluctant to add instructions for adding and removing this option to the documentation for Pond and xmpp-client and any other golang program, but, until golang/go#9637 is fixed and Go 1.5 is released I don't know what else to do :(

from xmpp-client.

amnesia@amnesia:$ go version
go version go1.3.3 linux/386
amnesia@amnesia:$ export GOPATH=/home/amnesia/Persistent/go/

amnesia@amnesia:~$ torsocks go get github.com/agl/xmpp-client
git clone https://github.com/agl/xmpp-client /home/amnesia/Persistent/go/src/github.com/agl/xmpp-client
Cloning into '/home/amnesia/Persistent/go/src/github.com/agl/xmpp-client'...
WARNING torsocks[7342]: [connect] Connection to a local address are denied since it might be a TCP DNS query to a local DNS server. Rejecting it for safety reasons. (in tsocks_connect() at connect.c:177)
12:19:17 libtsocks(7342): Error 1 attempting to connect to SOCKS server (Operation not permitted)
[Mar 06 12:19:17] WARNING torsocks[7342]: [connect] Connection to a local address are denied since it might be a TCP DNS query to a local DNS server. Rejecting it for safety reasons. (in tsocks_connect() at connect.c:177)
12:19:17 libtsocks(7342): Error 1 attempting to connect to SOCKS server (Operation not permitted)
error: Failed to connect to 192.30.252.130: Operation not permitted while accessing https://github.com/agl/xmpp-client/info/refs
fatal: HTTP request failed
package github.com/agl/xmpp-client: exit status 128

from xmpp-client.

For xmpp-client it isn't too hard to do go gets job by hand:

cd Persistent/
mkdir -p g/src/github.com/agl
mkdir -p g/src/golang.org/x/
export GOPATH=~/Persistent/g
cd $GOPATH/src/golang.org/x/
git clone https://github.com/golang/crypto
git clone https://github.com/golang/net
cd $GOPATH/src/github.com/agl
git clone https://github.com/agl/xmpp
git clone https://github.com/agl/xmpp-client
sudo bash -c "sudo apt-get update && sudo apt-get install -y -t testing golang"
cd xmpp-client && go install

Start xmpp-client with

~/Persistent/g/bin/xmpp-client

Tested in Tails 1.3 (except for typos).

from xmpp-client.

These instructions work fine and I have reproduced on a 1.3.x Tails system.

from xmpp-client.

For reference, for anyone that still has this problem in 2019, the other part of the problem seems to be that Go (now at 1.12.something) statically links libraries, which means Torsocks and LD_PRELOAD simply doesn't work.

It also seems this is more of a problem for golang import paths, rather than the github ones. I saw it for example for golang.org/x/text/transform.

The way I solved this on Tails 3.15 is to use a tool cooled graftcp (https://github.com/hmgle/graftcp). Compiling it works out of the box, as long as the basic build essential tools are installed. After that there are a few things necessary:

• Start the server component pointing to socks5:
  graftcp graftcp-local -socks5 "127.0.0.1:9050"
• Open up 2233 for loopback connections (there is support for fifo, but I couldn't get it working on Tails)
  sudo iptables -I OUTPUT -o lo -p tcp --dport 2233 -j ACCEPT
• Give the graftcp binary ptrace capabilities:
  sudo setcap cap_sys_ptrace=eip /path/to/graftcp

Then you just use it as you would use Torsocks:
graftcp go get golang.org/x/text/transform
or starting a shell for it:
graftcp bash

from xmpp-client.