From e98362b16baf8bbcf16bcbbf8cd24f00c9c15697 Mon Sep 17 00:00:00 2001
From: kexkey
Date: Tue, 12 Nov 2019 16:46:43 -0500
Subject: [PATCH] OTS not TORified thanks to proxychains-ng, better TORification
---
 cyphernodeconf_docker/prompters/040_tor.js | 2 +-
 .../installer/docker/docker-compose.yaml | 9 ++++-
 dist/setup.sh | 1 -
 notifier_docker/script/web.sh | 4 +-
 otsclient_docker/Dockerfile | 23 +++++++----
 otsclient_docker/script/otsclient.sh | 39 +++++++++++++------
 6 files changed, 52 insertions(+), 26 deletions(-)
diff --git a/cyphernodeconf_docker/prompters/040_tor.js b/cyphernodeconf_docker/prompters/040_tor.js
index 9fac5bc..8a85198 100644
--- a/cyphernodeconf_docker/prompters/040_tor.js
+++ b/cyphernodeconf_docker/prompters/040_tor.js
@@ -19,6 +19,6 @@ module.exports = {
 ];
 },
 templates: function( props ) {
- return [ 'torrc', 'curlcfg' ];
+ return [ 'torrc' ];
 }
 };
diff --git a/cyphernodeconf_docker/templates/installer/docker/docker-compose.yaml b/cyphernodeconf_docker/templates/installer/docker/docker-compose.yaml
index d516077..e5977b9 100644
--- a/cyphernodeconf_docker/templates/installer/docker/docker-compose.yaml
+++ b/cyphernodeconf_docker/templates/installer/docker/docker-compose.yaml
@@ -127,8 +127,9 @@ services:
 image: cyphernode/notifier:<%= notifier_version %>
 command: $USER ./startnotifier.sh
 <% if ( features.indexOf('tor') !== -1 ) { %>
- volumes:
- - "<%= tor_datapath %>/curlcfg:/notifier/curlcfg"
+ environment:
+ - "TOR_HOST=tor"
+ - "TOR_PORT=9050"
 <% } %>
 networks:
 - cyphernodenet
@@ -175,6 +176,10 @@ services:
 <% if (net === 'testnet') { %>
 - "TESTNET=1"
 <% } %>
+ <% if ( features.indexOf('tor') !== -1 ) { %>
+ - "TOR_HOST=tor"
+ - "TOR_PORT=9050"
+ <% } %>
 volumes:
 - "<%= otsclient_datapath %>:/otsfiles"
 - "<%= bitcoin_datapath %>/bitcoin-client.conf:/.bitcoin/bitcoin.conf:ro"
diff --git a/dist/setup.sh b/dist/setup.sh
index 8be3530..9297d32 100755
--- a/dist/setup.sh
+++ b/dist/setup.sh
@@ -407,7 +407,6 @@ install_docker() {
 fi
 copy_file $cyphernodeconf_filepath/tor/torrc $TOR_DATAPATH/torrc 1 $SUDO_REQUIRED
- copy_file $cyphernodeconf_filepath/tor/curlcfg $TOR_DATAPATH/curlcfg 1 $SUDO_REQUIRED
 fi
diff --git a/notifier_docker/script/web.sh b/notifier_docker/script/web.sh
index 36dd0b0..94e173d 100644
--- a/notifier_docker/script/web.sh
+++ b/notifier_docker/script/web.sh
@@ -56,11 +56,11 @@ curl_it() {
 local response
 local rnd=$(dd if=/dev/urandom bs=5 count=1 | xxd -pc 5)
- if [ "${torbypass}" = "true" ] || [ ! -f "curlcfg" ]; then
+ if [ "${torbypass}" = "true" ] || [ -z "${TOR_HOST}" ]; then
 # If we want to bypass tor or the config file doesn't exist
 torbypass=""
 else
- torbypass="-K curlcfg"
+ torbypass="--socks5-hostname ${TOR_HOST}:${TOR_PORT}"
 fi
 if [ -n "${data}" ]; then
diff --git a/otsclient_docker/Dockerfile b/otsclient_docker/Dockerfile
index 417b397..7270774 100644
--- a/otsclient_docker/Dockerfile
+++ b/otsclient_docker/Dockerfile
@@ -1,3 +1,14 @@
+FROM alpine:3.9 as builder
+
+RUN apk add --no-cache --update alpine-sdk bsd-compat-headers \
+ && git clone https://github.com/Kexkey/proxychains-ng.git
+
+RUN cd /proxychains-ng \
+ && ./configure \
+ && make \
+ && make install \
+ && make install-config
+
 FROM node:11.1-alpine
 RUN apk add --update --no-cache \
@@ -13,6 +24,10 @@ RUN apk add --update --no-cache \
 WORKDIR /script
+COPY --from=builder /usr/local/etc/proxychains.conf /usr/local/etc/proxychains.conf
+COPY --from=builder /usr/local/bin/proxychains4 /usr/local/bin/proxychains4
+COPY --from=builder /usr/local/lib/libproxychains4.so /usr/local/lib/libproxychains4.so
+
 COPY script/otsclient.sh /script/otsclient.sh
 COPY script/requesthandler.sh /script/requesthandler.sh
 COPY script/responsetoclient.sh /script/responsetoclient.sh
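Review bot: In curl_it, the comment kept under the rewritten `if` still says "or the config file doesn't exist", although the test is now on `TOR_HOST`, and `TOR_PORT` is used without any check. If `TOR_HOST` is set but `TOR_PORT` is not, the option expands to `--socks5-hostname tor:` and curl will presumably fall back to its own default SOCKS port instead of the Tor one. I would default the port, `torbypass="--socks5-hostname ${TOR_HOST}:${TOR_PORT:-9050}"`, and reword the comment to `# Bypass Tor on request, or when no Tor proxy is configured (TOR_HOST unset): the request then goes out directly`. curl_it's body continues outside the hunk.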
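Review bot: The builder stage's `git clone https://github.com/Kexkey/proxychains-ng.git` is not pinned to a commit or tag, so every image build compiles whatever the default branch holds at that moment, and the resulting `libproxychains4.so` is copied into the image that carries the OTS traffic. Pinning to a reviewed revision keeps builds reproducible and stops an upstream change from silently altering the proxying code: follow the clone with `&& git -C proxychains-ng checkout <PINNED_COMMIT_SHA>`. The builder is `alpine:3.9` while the runtime stage is `node:11.1-alpine`; it is worth confirming both sit on the same Alpine release so the copied shared object matches the runtime's libc.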
@@ -22,11 +37,3 @@ COPY script/trace.sh /script/trace.sh
 RUN chmod +x /script/startotsclient.sh /script/requesthandler.sh
 ENTRYPOINT ["su-exec"]
-
-# docker build -t otsclient-js .
-# docker run -it --rm --name otsclient -v /home/debian/otsfiles:/otsfiles otsclient-js `id -u cyphernode`:`id -g cyphernode` ash
-
-# ots-cli.js stamp -d 1ddfb769eb0b8876bc570e25580e6a53afcf973362ee1ee4b54a807da2e5eed7
-# ots-cli.js verify -d 1ddfb769eb0b8876bc570e25580e6a53afcf973362ee1ee4b54a807da2e5eed7 1ddfb769eb0b8876bc570e25580e6a53afcf973362ee1ee4b54a807da2e5eed7.ots
-# ots-cli.js info 1ddfb769eb0b8876bc570e25580e6a53afcf973362ee1ee4b54a807da2e5eed7.ots
-# ots-cli.js upgrade 1ddfb769eb0b8876bc570e25580e6a53afcf973362ee1ee4b54a807da2e5eed7.ots
diff --git a/otsclient_docker/script/otsclient.sh b/otsclient_docker/script/otsclient.sh
index e572bff..d6eb252 100644
--- a/otsclient_docker/script/otsclient.sh
+++ b/otsclient_docker/script/otsclient.sh
@@ -13,14 +13,19 @@ stamp() {
 local result
 local returncode
 local data
+ local proxychains=""
+
+ if [ -n ${TOR_HOST} ]; then
+ proxychains="PROXYCHAINS_ONE_PROXY=\"socks5 `getent hosts ${TOR_HOST} | awk '{ print $1 }'` ${TOR_PORT}\" proxychains4"
+ fi
 if [ "${TESTNET}" -eq "1" ]; then
- trace "[stamp] ots-cli.js stamp -c \"https://ots.testnet.kexkey.com\" -d ${hash}"
- result=$(cd /otsfiles && ots-cli.js stamp -c "https://ots.testnet.kexkey.com" -d ${hash} 2>&1)
+ trace "[stamp] ${proxychains} ots-cli.js stamp -c \"https://ots.testnet.kexkey.com\" -d ${hash}"
+ result=$(cd /otsfiles && ${proxychains} ots-cli.js stamp -c "https://ots.testnet.kexkey.com" -d ${hash} 2>&1)
 returncode=$?
 else
- trace "[stamp] ots-cli.js stamp -d ${hash}"
- result=$(cd /otsfiles && ots-cli.js stamp -d ${hash} 2>&1)
+ trace "[stamp] ${proxychains} ots-cli.js stamp -d ${hash}"
+ result=$(cd /otsfiles && ${proxychains} ots-cli.js stamp -d ${hash} 2>&1)
 returncode=$?
 fi
 trace_rc ${returncode}
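Review bot: In stamp(), `[ -n ${TOR_HOST} ]` is unquoted, so with `TOR_HOST` empty or unset it collapses to `[ -n ]`, which is true, and the proxychains branch is taken even when the Tor feature is off. The prefix also cannot act as an environment assignment: the shell recognises `NAME=value` prefixes before parameter expansion, so `${proxychains} ots-cli.js …` tries to run a command literally named `PROXYCHAINS_ONE_PROXY="socks5`, with the escaped quotes left inside the words. Export the variable and keep only `proxychains4` in the prefix, and stop when the Tor host does not resolve instead of continuing with an empty address. The same block is repeated in the upgrade() and verify() hunks further down, and stamp()'s body starts and ends outside this hunk.

```shell
  local proxychains=""
  local tor_ip

  if [ -n "${TOR_HOST}" ]; then
    # Take the first address only; getent may print several lines
    tor_ip=$(getent hosts "${TOR_HOST}" | awk '{ print $1; exit }')
    if [ -z "${tor_ip}" ]; then
      # Fail closed: do not contact the calendar servers without the proxy
      trace "[stamp] Cannot resolve TOR_HOST=${TOR_HOST}, not stamping"
      return 1
    fi
    export PROXYCHAINS_ONE_PROXY="socks5 ${tor_ip} ${TOR_PORT}"
    proxychains="proxychains4"
  fi
  # … unchanged: TESTNET branches running ${proxychains} ots-cli.js stamp …
```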
@@ -58,14 +63,19 @@ upgrade() {
 local result
 local returncode
+ local proxychains=""
+
+ if [ -n ${TOR_HOST} ]; then
+ proxychains="PROXYCHAINS_ONE_PROXY=\"socks5 `getent hosts ${TOR_HOST} | awk '{ print $1 }'` ${TOR_PORT}\" proxychains4"
+ fi
 if [ "${TESTNET}" -eq "1" ]; then
- trace "[upgrade] ots-cli.js -l \"https://testnet.calendar.kexkey.com/\" --no-default-whitelist upgrade -c \"https://testnet.calendar.kexkey.com/\" ${hash}.ots"
- result=$(cd /otsfiles && ots-cli.js -l "https://testnet.calendar.kexkey.com/" --no-default-whitelist upgrade -c "https://testnet.calendar.kexkey.com/" ${hash}.ots 2>&1)
+ trace "[upgrade] ${proxychains} ots-cli.js -l \"https://testnet.calendar.kexkey.com/\" --no-default-whitelist upgrade -c \"https://testnet.calendar.kexkey.com/\" ${hash}.ots"
+ result=$(cd /otsfiles && ${proxychains} ots-cli.js -l "https://testnet.calendar.kexkey.com/" --no-default-whitelist upgrade -c "https://testnet.calendar.kexkey.com/" ${hash}.ots 2>&1)
 returncode=$?
 else
- trace "[upgrade] ots-cli.js upgrade ${hash}.ots"
- result=$(cd /otsfiles && ots-cli.js upgrade ${hash}.ots 2>&1)
+ trace "[upgrade] ${proxychains} ots-cli.js upgrade ${hash}.ots"
+ result=$(cd /otsfiles && ${proxychains} ots-cli.js upgrade ${hash}.ots 2>&1)
 returncode=$?
 fi
 trace_rc ${returncode}
@@ -107,18 +117,23 @@ verify() {
 local returncode
 local message
 local data
+ local proxychains=""
+
+ if [ -n ${TOR_HOST} ]; then
+ proxychains="PROXYCHAINS_ONE_PROXY=\"socks5 `getent hosts ${TOR_HOST} | awk '{ print $1 }'` ${TOR_PORT}\" proxychains4"
+ fi
 # Let's create the OTS file locally from the base64
 trace "[verify] Creating /otsfiles/otsfile-$$.ots"
 echo "${base64otsfile}" | base64 -d > /otsfiles/otsfile-$$.ots
 if [ "${TESTNET}" -eq "1" ]; then
- trace "[verify] ots-cli.js -l \"https://testnet.calendar.kexkey.com/\" --no-default-whitelist verify -d ${hash} /otsfiles/otsfile-$$.ots"
- result=$(ots-cli.js -l "https://testnet.calendar.kexkey.com/" --no-default-whitelist verify -d ${hash} /otsfiles/otsfile-$$.ots 2>&1)
+ trace "[verify] ${proxychains} ots-cli.js -l \"https://testnet.calendar.kexkey.com/\" --no-default-whitelist verify -d ${hash} /otsfiles/otsfile-$$.ots"
+ result=$(${proxychains} ots-cli.js -l "https://testnet.calendar.kexkey.com/" --no-default-whitelist verify -d ${hash} /otsfiles/otsfile-$$.ots 2>&1)
 returncode=$?
 else
- trace "[verify] ots-cli.js verify -d ${hash} /otsfiles/otsfile-$$.ots"
- result=$(ots-cli.js verify -d ${hash} /otsfiles/otsfile-$$.ots 2>&1)
+ trace "[verify] ${proxychains} ots-cli.js verify -d ${hash} /otsfiles/otsfile-$$.ots"
+ result=$(${proxychains} ots-cli.js verify -d ${hash} /otsfiles/otsfile-$$.ots 2>&1)
 returncode=$?
 fi
 trace_rc ${returncode}