[Koha-bugs] [Bug 15540] Debian package option to set up an .onion address ( Tor hidden service) for the OPAC

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Sat Nov 19 22:13:07 CET 2016 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15540

Mirko Tietgen <mirko at abunchofthings.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #46644|0                           |1
        is obsolete|                            |

--- Comment #4 from Mirko Tietgen <mirko at abunchofthings.net> ---
Created attachment 57661
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=57661&action=edit
Bug 15540 - Debian package option to set up an .onion address (Tor hidden
service) for the OPAC

Add --tor to koha-create: automatically set up a .onion URL for the OPAC.
Install Tor from official repository if required.

Test plan:

0) Requirements

- Apply patch
- Build Debian package
- Test server needs to be reachable from the internet
- Download Tor Browser to your local machine (not the server)
  https://www.torproject.org/download/download-easy.html.en
  (Running Tor Browser and Koha with Tor on the same machine does not seem to
work)

1) First Koha instance using Tor, refuse Tor installation

- Test without the package 'tor' installed!
- koha-create --create-db --tor <instance1>
  You should be asked if you want to install Tor
- Refuse

Expected result:

- You are told to either accept to install Tor or not use the --tor option
- Installation process stops cleanly (no remaining user account etc.)

2) First Koha instance using Tor, accept Tor installation

- Test without the package 'tor' installed!
- koha-create --create-db --tor <instance1>
  You should be asked if you want to install Tor
- Accept
- Wait for the installation to finish
- Open your regular OPAC URL
  You should see the OPAC maintenance website
- Open (in Tor Browser) the .onion address displayed at the end of the
installation
  You should see the OPAC maintenance website. It can take a minute until this
works

Expected results:

- Tor repository is added to /etc/apt/sources.list.d/tor.list
- Package 'tor' (and keyring + dependencies) is installed
- Koha instance is created as usual
- Tor config is added to /etc/tor/torrc. It includes a block that looks like
  # begin instance koha-<instance1>
  HiddenServiceDir /var/lib/tor/koha/<instance1>/hidden_service
  HiddenServicePort 80 127.0.0.1:80
  # end instance koha-<instance1>
- .onion address from /var/lib/tor/koha/<instance1>/hidden_service/hostname
  is added as ServerAlias to /etc/apache2/sites-availabled/<instance1>.conf
- You can reach the OPAC from the regular address and via .onion (in Tor
Browser)

3) Additional instances using Tor / Tor already installed

- koha-create --create-db --tor <instance2>
  You should not be asked if you want to install Tor again.
- Wait for the installation to finish
- Open your regular OPAC URL of <instance2>
  You should see the OPAC maintenance website
- Open Tor Browser at the .onion address displayed at the end of the second
installation
  You should see the OPAC maintenance website
  It can take a minute until this works
- Copy the .onion address, you will need it in step 5 and 7!

Expected results:

- Second Tor config is added to /etc/tor/torrc
- You can reach the second OPAC from the regular address and via .onion (Tor
Browser)

4) Remove an instance

- Remove your first instance with koha-remove <instance1>
  Removal process should work as expected
- Check /etc/tor/torrc
  The block for your first instance should be gone
- Check /var/lib/tor/koha/instance1/
  The hidden_service folder and key should still be there. This way you can
re-use
  an .onion address after reinstallation.

5) Re-create an instance (old config)

- koha-create --create-db --tor <instance1> #use the same name as for step 2!
  You should be asked if you want to re-use the existing .onion address or
delete it
- Choose to re-use the old config
- Wait for installation to finish
- Open the OPAC with the regular URL and the (old) .onion address (in Tor
Browser)
  Both should work. It can take a minute for the .onion to show up
- Verify that the .onion is the same as the one from step 3

6) Remove the instance again

- Follow step 4

7) Re-create an instance (new config)

- koha-create --create-db --tor <instance1> #use the same name as for step 1!
  You should be asked if you want to re-use the existing key and .onion address
or delete it
- Choose to delete the folder and get a new .onion
- Wait for installation to finish
- Open the OPAC with the regular URL and the (new) .onion address (in Tor
Browser)
  Both should work. It can take a minute for the .onion to show up
- Verify that the .onion is not the same as in step 3 and 5

Possible bonus tests:

- Using an operating system that does not have a Tor package available in the
official
  repository should be detected. Testing this would require such an OS for
testing.
  Recent Debian and Ubuntu seems to be covered.
- A manual Tor installation before Koha is installed should be detected and
work,
  a prompt will allow to either overwrite the old config or stop the
installation
- If the Tor repository is already present in /etc/apt/sources.list*, it is not
added again

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list