Failed upgrade of Admin stick


#1

I think I messed up one of my Admin sticks badly today.

I got somewhat stressed with other things when I updated it some week ago, so I didn’t get the time to complete and test it after the upgrade. And now when I’m trying to use it I’m unable to get it to work. Only a few seconds after the connection to Tor is established the connection breaks and a pop-up error message is displayed Error while checking for upgrades (that obviously doesn’t have anything to do with the error, more caused by it).

If I start the machine without network and remove the /etc/NetworkManager/dispatcher.d/65-configure-tor-for-securedrop.sh, then plug in the network, the machine seems to work with Tor as it should. So something seems to go wrong running the script.
Rerunning the securedrop-admin tailsconfig stops at the run securedrop network hook for a long time, and then finaly fails.

That’s about as far as I got with my troubleshooting today. Do you have any ideas where to start… or might it be easier to just start over with a new admin-stick, cloning the repository and only copying the files really needed?

(There is no rush, I can work around the problem with a journalist key for user-administration and direct-console access if I need to control the servers for some reason.)

//Jonas


#2

I managed to solve this issue today.

Going through the steps performed by the script /home/amnesia/Persistent/.securedrop/securedrop_init.py manually, and checking the /vat/log/tor/log I got some errors reading:

[warn]Duplicate authorization for the same hidden service.
[warn]Failed to parse/validate config: Failed to configure client authorization for hidden services. See logs for details
[err]Reading config failed–see warnings above. For usage, try -h
[warn]Restart failed (config error?). Exiting

Looking at the etc/tor/torrc I noticed it was two lines for the journalist hiddenserv. Removing one of the lines and restarting Tor fixed the issue temporarily.
So I continued to look for the source of the lines. After I started to get some understanding of the script I found the file /home/amnesia/Persistent/.securedrop/torrc_additions, and there where two lines here as well.

I don’t know when or why that happend, but after changing permissions, removing the row and restoring the permissions everything is back to normal, the script runs as it should when the network is connected!