Discussion:
[Tails-dev] Support of "go get" command
b***@ruggedinbox.com
2015-09-16 18:30:51 UTC
Permalink
It seem that after the total removal of Polipo (Tails 1.3 and up [0]) Go's
"go get" command does not work anymore in Tails ; giving "unrecognized
import path" is supposedly a notice about refusing to connect [1].

Does the Tails team plan to support "go get" in the same way as "git
clone" [2]?

If this is not the right place to ask, sorry!

Daniel

[0] I tested this with xmpp-client and "go get" works in 1.2.3 but not in
1.5.
[1] https://github.com/agl/xmpp-client/issues/82
[2] https://labs.riseup.net/code/issues/8680
sajolida
2015-09-17 09:59:35 UTC
Permalink
Post by b***@ruggedinbox.com
It seem that after the total removal of Polipo (Tails 1.3 and up [0]) Go's
"go get" command does not work anymore in Tails ; giving "unrecognized
import path" is supposedly a notice about refusing to connect [1].
Does the Tails team plan to support "go get" in the same way as "git
clone" [2]?
If this is not the right place to ask, sorry!
I think this is the right place. User support channels would also work
in these cases which are borderline between dev and support.

We're not shipping Go and so we don't feel responsible if it breaks by
changes we made elsewhere in Tails. In other words, "not supported" as
geeks say.

But we'd be interested if you investigate this problem further and
propose a patch that makes sense in Tails and fixes your issue. Or if
you document how to work around it.

At some point we thought about adding hints about making additional
programs work fine inside Tails to the advanced topics of our documentation.
intrigeri
2015-09-17 10:58:01 UTC
Permalink
Hi,
Post by b***@ruggedinbox.com
It seem that after the total removal of Polipo (Tails 1.3 and up [0]) Go's
"go get" command does not work anymore in Tails ; giving "unrecognized
import path" is supposedly a notice about refusing to connect [1].
Does the Tails team plan to support "go get" in the same way as "git
clone" [2]?
Please try prefixing such commands with torsocks or (better) look for
a way to configure the go command to use a SOCKS5 proxy. Even if we
don't ship the golang compiler, we could ship a config file to address
that problem.

Cheers,
--
intrigeri
sycamore one
2016-01-02 21:37:18 UTC
Permalink
Post by intrigeri
Post by b***@ruggedinbox.com
It seem that after the total removal of Polipo (Tails 1.3 and up [0]) Go's
"go get" command does not work anymore in Tails ; giving "unrecognized
import path" is supposedly a notice about refusing to connect [1].
Does the Tails team plan to support "go get" in the same way as "git
clone" [2]?
Please try prefixing such commands with torsocks or (better) look for
a way to configure the go command to use a SOCKS5 proxy. Even if we
don't ship the golang compiler, we could ship a config file to address
that problem.
Some comments about the problems of using "go get" in Tails.

1. Leif originally wrote: "I think torsocks doesn't work because go get
needs to send an HTTPS(fallback to HTTP) request with ?go-get=1 for any
imports from domains without hardcoded behavior (as described in the go
get documentation) ...".

The important part is the "without hardcoded behaviour".
Post by intrigeri
go get github.com/golang/example/hello
works fine, because the go tools "knows" about the github.com domain and
translates the request into
Post by intrigeri
git clone https://github.com/golang/example/hello.
The request
Post by intrigeri
go get robpike.io/ivy
instead won't work, because the go tool needs to send a HTTPS request to
find out the URL of the Git repository to clone from.

If that package is *already* installed and we do an update using "go get
-u", then the go tool can again translate into a "git upadate ...", that
will succeed because Git works in Tails.

2. I believe Torsocks won't work with go tools. There are two problems:
(1) Go has two address resolvers: One written in Go sends DNS requests
directly, the other using the C library's getaddrinfo(). The native Go
version is the default on Linux, but in recent releases of Go one can use
Post by intrigeri
export GODEBUG=netdns=cgo
to force the use of the C based version. But then (2) Go makes a direct
syscall[1] instead of using the connect(2) library function to initiate
a TCP/IP connection. Thus torsocks LD_PRELOAD can't intercept the
function call.

3. Both the direct DNS requests and the direct syscall make sense from
the point of view of Go and won't be changed. There is a very old
ticket[2] about using the connect() function in case that LD_PRELOAD is
set, but I am skeptical that this will every be implemented.

4. The go tool is just a convenient way to install and compile code, but
one in not forced to use the tool. One can either do go get's work
manually, as in [3], or maintain a fork of the go tool, that uses Tor by
default. The latter is what I am planning to do, if such a thing doesn't
materializes on its own. Maybe one could even find a way to incorporate
onion addresses into Go's package naming conventions.

Cheers!

[1]
https://github.com/golang/go/blob/master/src/syscall/syscall_linux_386.go#L265
[2] https://github.com/golang/go/issues/3744
[3] https://github.com/agl/xmpp-client/issues/82#issuecomment-77586240
intrigeri
2016-01-02 23:22:06 UTC
Permalink
Hi,
Post by sycamore one
Some comments about the problems of using "go get" in Tails.
[...]
Thanks a lot for the detailed analysis.
What do you think should be do about it in Tails?

I'm personally tempted to say: "nothing for the time being; those
Tails users who actually use 'go get' will find ways around the
limitations anyway; and for the other ones who would need $software,
then someone needs to push $software into the relevant software
repositories, that is Debian if their target users are Debian or Tails
users".

Cheers,
--
intrigeri
sycamore one
2016-01-05 23:20:45 UTC
Permalink
Post by intrigeri
What do you think should be do about it in Tails?
I'm personally tempted to say: "nothing for the time being; those
Tails users who actually use 'go get' will find ways around the
limitations anyway;
This set unfortunately includes myself, but I would also say, that Tails
shouldn't do anything for the time being. I deliberately didn't open an
issue about "go get" not working.
Post by intrigeri
and for the other ones who would need $software,
then someone needs to push $software into the relevant software
repositories, that is Debian if their target users are Debian or Tails
users".
Either Debian packages, as people are already doing with xmpp-client and
Pond, or just shell scripts like Coy is using

https://github.com/twstrike/coyim/blob/master/install_coyim_tails.sh

Cheers!
Spencer
2016-01-05 23:32:56 UTC
Permalink
Hi,
and/or shell scripts like Coy is using
I wish there were a simple resolution to this, since hunting down
software is a pain, especially given the nuances of a Tails system;
example: svn.

A directory with every OS and the relevant install instructions seems
like the only option, though maintaining that would be difficult, or
require a clever bot.

Wordlife,
Spencer

b***@ruggedinbox.com
2015-09-17 20:25:14 UTC
Permalink
torsocks probably wouldn't work as demonstrated and explained in the
github thread [1].

Quote
"WARNING torsocks[7342]: [connect] Connection to a local address are
denied since it might be a TCP DNS query to a local DNS server. Rejecting
it for safety reasons. (in tsocks_connect() at connect.c:177)
12:19:17 libtsocks(7342): Error 1 attempting to connect to SOCKS server
(Operation not permitted)
[Mar 06 12:19:17] WARNING torsocks[7342]: [connect] Connection to a local
address are denied since it might be a TCP DNS query to a local DNS
server. Rejecting it for safety reasons. (in tsocks_connect() at
connect.c:177)"

"I think torsocks doesn't work because go get needs to send an
HTTPS(fallback to HTTP) request with ?go-get=1 for any imports from
domains without hardcoded behavior (as described in the go get
documentation) but then later it runs git which Tails has already
configured to use Tor via torsocks. Running git under torsocks under go
get under torsocks fails because the outer torsocks doesn't allow the
inner torsocks to connect to localhost. Running go get under torsocks
would probably work if you removed Tails' git config"

Since Tails doesn't ship Go, some custom configuration is probably the
best solution. Not sure if I have the skills for it.

[1] https://github.com/agl/xmpp-client/issues/82
intrigeri
2015-10-12 15:47:53 UTC
Permalink
Hi,
Running git under torsocks under go get under torsocks fails because
the outer torsocks doesn't allow the inner torsocks to connect
to localhost.
Interesting statement: last time I checked, torsocks 2.x avoided
putting its shared library twice into LD_PRELOAD, and one could
perfectly well run "torsocks torsocks $COMMAND". Perhaps this comment
was about torsocks 1.x? Or rather about mixing torsocks with
connect-socks?

The quoted text was authored by Leif [2], Cc'ed, who might want to
clarify or test it again.

[2] https://github.com/agl/xmpp-client/issues/82#issuecomment-77403349

Cheers,
--
intrigeri
Austin English
2015-10-29 08:46:17 UTC
Permalink
Post by intrigeri
Hi,
Running git under torsocks under go get under torsocks fails because
the outer torsocks doesn't allow the inner torsocks to connect
to localhost.
Interesting statement: last time I checked, torsocks 2.x avoided
putting its shared library twice into LD_PRELOAD, and one could
perfectly well run "torsocks torsocks $COMMAND". Perhaps this comment
was about torsocks 1.x? Or rather about mixing torsocks with
connect-socks?
The quoted text was authored by Leif [2], Cc'ed, who might want to
clarify or test it again.
[2] https://github.com/agl/xmpp-client/issues/82#issuecomment-77403349
Cheers,
--
intrigeri
_______________________________________________
Tails-dev mailing list
https://mailman.boum.org/listinfo/tails-dev
This seems to work for me out of the box in 1.7-rc1, using
https://github.com/golang/example for example code to get.
--
-Austin
b***@ruggedinbox.com
2015-10-30 20:54:34 UTC
Permalink
Austin,

can you write the exact command you've used? Tails 1.6?
Austin English
2015-10-30 21:12:38 UTC
Permalink
Post by b***@ruggedinbox.com
Austin,
can you write the exact command you've used? Tails 1.6?
_______________________________________________
Tails-dev mailing list
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to
Hi there,

No, I used 1.7-rc1 as mentioned in the previous thread (1.6 failed for me
last I tried, but my memory is fallible).

For 1.7-rc1, I:
* booted tails
* set an administrator password
* logged into tails
* once Tor was activated, I opened a terminal:
$ sudo su -
# apt-get update
# apt-get -y install golang
# exit
$ go get github.com/golang/example/hello

Hope that helps.
--
-Austin
Loading...