Raspberry Pi?


#1

Very basic question, sorry. Is Globaleaks available for ARM, or are there any other reasons why it could not be hosted from a Raspberry Pi?

Thank you for everything you do.


#2

Findings so far…

  • There don’t seem to be .debs on the apt repo
  • I can build backend from source using python setup.py build
  • I cannot use appliance/run.sh because it depends on VirtualBox, which is unavailable for this platform

Could I run the appliance on an insecure client laptop, say, and connect to the backend running on rpi? Does that defeat the purpose?


#4

Hello ccdc,

right know GlobaLeaks and Tor2web are fine retested for Ubuntu where the platform benefits from full capabilities (e.g. Apparrmor). Anyhow you wont find particular issues in setupping it on a Rasperry where correct me if i’m wrong the system is a debian like platform.

I would discourage you to setup from sources given the difficulties that you will encounter having to maintain it following the official updates. I would instead suggest you to setup using the official init script and passing us the errors you encounter via GitHub. This way we can annotate here your followup and try to make an official release that suits your needs an maybe the one of other users.

What do you think?


#5

There are also images of Ubuntu 16.04 for Rasberry where GlobaLeaks should works out of the box?
https://wiki.ubuntu.com/ARM/RaspberryPi .

The GlobaLeaks debian package is independent from the architecture being entirely python


#6

I just got a 500 trying to post a reply here.


#7

Thank you both. We tried those Ubuntu 16.04 images and they are not great on the RPi3, apt-get upgrade breaks the boot process.

So far we are getting some headway with vanilla Raspbian.

globaleaks.service is reporting that it can’t initialize apparmor, which is up and running as far as we can tell:

root@transfer:/home/pi# systemctl status apparmor.service  
 apparmor.service - LSB: AppArmor initialization
   Loaded: loaded (/etc/init.d/apparmor)
   Active: active (exited) since Tue 2017-01-24 19:36:41 UTC; 10min ago

Jan 24 19:36:41 transfer.[ourhost].com systemd[1]: Started LSB: AppArmor initialization.
root@transfer:/home/pi# systemctl status globaleaks.service | more
 globaleaks.service - LSB: Start the GlobaLeaks server.
   Loaded: loaded (/etc/init.d/globaleaks)
   Active: failed (Result: exit-code) since Tue 2017-01-24 19:46:17 UTC; 40s ago
  Process: 4709 ExecStart=/etc/init.d/globaleaks start (code=exited, status=1/FAILURE)

Jan 24 19:46:17 transfer.[ourhost].com globaleaks[4709]: Starting GlobaLeaks daemon: globaleaksEnabling GlobaLeaks Network S
andboxing...done.
Jan 24 19:46:17 transfer.[ourhost].com globaleaks[4709]: Enabling GlobaLeaks Apparmor Sandboxing...failed (Unable to initial
ize AppArmor!).
Jan 24 19:46:17 transfer.[ourhost].com globaleaks[4709]: Unable to initialize AppArmor!
Jan 24 19:46:17 transfer.[ourhost].com globaleaks[4709]: AppArmor is probably disabled; please enable it by following instru
ctions at https://wiki.debian.org/AppArmor/HowToUse
Jan 24 19:46:17 transfer.[ourhost].com globaleaks[4709]: If you understand the risks involved and you know what you are doin
g, you can disable GlobaLeaks's Apparmor support by editing /etc/default/globaleaks and configuring APPARMOR_SANDBOXING=0
Jan 24 19:46:17 transfer.[ourhost].com systemd[1]: globaleaks.service: control process exited, code=exited status=1
Jan 24 19:46:17 transfer.[ourhost].com systemd[1]: Failed to start LSB: Start the GlobaLeaks server..
Jan 24 19:46:17 transfer.[ourhost].com systemd[1]: Unit globaleaks.service entered failed state.

#8

ahh, I think the bullets in systemctl status output broke the forum software.


#9

ahh, ok,

Traceback (most recent call last):
  File "/usr/bin/globaleaks", line 97, in <module>
    from twisted.python import usage
ImportError: No module named twisted.python

installed python-dev libffi-dev and ran pip install twisted cyclone service_identity storm cryptography. This started to build okay but something broke my pip.

root@transfer:/home/pi# pip install cryptography
Traceback (most recent call last):
  File "/usr/bin/pip", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 70, in <module>
    import packaging.version
ImportError: No module named packaging.version

(repeat for any pip package)


#10

rm -r /usr/local/lib/python2.7/dist-packages/pkg_resources/ fixed that up. Brute force ftw.

pip install cryptography yacked out as follows:

pkg_resources.VersionConflict: (six 1.8.0 (/usr/lib/python2.7/dist-packages), Requirement.parse('six>=1.10.0'))

pip install --upgrade six fixed that, but now I’m stuck with this–

  File "/usr/local/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 65, in <module>

    warnings.filterwarnings("default", category=pkg_resources.PEP440Warning)

AttributeError: 'module' object has no attribute 'PEP440Warning'

any suggestions? Can’t seem to figure out which module is responsible.


#11

ok in /usr/lib/python2.7/dist-packages were some very old package manager installed pkg_resources and setuptools modules. I removed those and replaced with pip install --upgrade --force setuptools

other modules I have had to install (is something about install-globaleaks.sh not working? I feel like it should be checking for missing python modules…):

pip install scrypt gnupg txsocksx

so now globaleaks doesn’t spit out any python errors, but it looks like apparmor module is missing from the kernel. so recompiling that with CONFIG_SECURITY_APPARMOR etc.


#12

built kernel on the pi3 itself.

Here’s my kernel config: kernel-config-pi3-apparmor.csv

change extension to .txt.gz, gunzip, rename to .config and follow build instructions:

git clone --depth 1 https://github.com/raspberrypi/linux.git
KERNEL=kernel7-apparmor
cd linux
# (FROM WHEREVER YOU STASHED FILE ABOVE:)
cp ~/.config ./
make -j4 zImage modules dtbs
sudo make modules_install
sudo cp arch/arm/boot/dts/*.dtb /boot/
sudo cp arch/arm/boot/dts/overlays/*.dtb* /boot/overlays/
sudo cp arch/arm/boot/dts/overlays/README /boot/overlays/
sudo scripts/mkknlimg arch/arm/boot/zImage /boot/$KERNEL.img
echo -e '\nkernel=kernel7-apparmor.img\n' >> /boot/config.txt

so now I get this:

root@transfer:/home/pi# aa-status
apparmor module is loaded.
apparmor filesystem is not mounted.

but globaleaks still can’t start:

Jan 25 10:06:41 transfer.[OURHOST].com globaleaks[1026]: Starting GlobaLeaks daemon: globaleaksEnabling GlobaLeaks Network Sandboxing...done (already enabled.).
Jan 25 10:06:41 transfer.[OURHOST].com globaleaks[1026]: Enabling GlobaLeaks Apparmor Sandboxing...failed (Unable to initialize AppArmor!).
Jan 25 10:06:41 transfer.[OURHOST].com globaleaks[1026]: Unable to initialize AppArmor!
Jan 25 10:06:41 transfer.[OURHOST].com globaleaks[1026]: AppArmor is probably disabled; please enable it by following instructions at https://wiki.debian.org/AppArmor/HowToUse
Jan 25 10:06:41 transfer.[OURHOST].com globaleaks[1026]: If you understand the risks involved and you know what you are doing, you can disable GlobaLeaks's Apparmor support by editing /etc/default/globaleaks and configuring APPARMOR_SANDBOXING=0

#13

I was specifying kernel commands incorrectly, they need to be in /boot/cmdline.txt instead of config.txt

here’s mine from a Pi3:

dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait apparmor=1 security=apparmor

so now it starts up:

root@transfer:/home/pi# systemctl status globaleaks.service -l
- globaleaks.service - LSB: Start the GlobaLeaks server.
   Loaded: loaded (/etc/init.d/globaleaks)
   Active: active (exited) since Wed 2017-01-25 10:17:17 EST; 3min 40s ago

Jan 25 10:17:17 transfer.[OURHOST].com globaleaks[801]: File "/usr/local/lib/python2.7/dist-packages/gnupg/_meta.py", line 115, in _find_agent
Jan 25 10:17:17 transfer.[OURHOST].com globaleaks[801]: if (proc.name() == "gpg-agent") and proc.is_running():
Jan 25 10:17:17 transfer.[OURHOST].com globaleaks[801]: File "/usr/local/lib/python2.7/dist-packages/psutil/__init__.py", line 634, in name
Jan 25 10:17:17 transfer.[OURHOST].com globaleaks[801]: name = self._proc.name()
Jan 25 10:17:17 transfer.[OURHOST].com globaleaks[801]: File "/usr/local/lib/python2.7/dist-packages/psutil/_pslinux.py", line 1092, in wrapper
Jan 25 10:17:17 transfer.[OURHOST].com globaleaks[801]: raise AccessDenied(self.pid, self._name)
Jan 25 10:17:17 transfer.[OURHOST].com globaleaks[801]: psutil.AccessDenied: psutil.AccessDenied (pid=1)
Jan 25 10:17:17 transfer.[OURHOST].com globaleaks[801]: failed!
Jan 25 10:17:17 transfer.[OURHOST].com systemd[1]: Started LSB: Start the GlobaLeaks server..
Jan 25 10:20:24 transfer.[OURHOST].com systemd[1]: Started LSB: Start the GlobaLeaks server..