[Pkg-privacy-commits] [Git][pkg-privacy-team/onionprobe][master] 3 commits: New upstream version 1.4.1+ds
Georg Faerber (@georg)
georg at debian.org
Fri Oct 24 11:02:26 BST 2025
Georg Faerber pushed to branch master at Privacy Maintainers / onionprobe
Commits:
d5c92bc2 by Georg Faerber at 2025-10-24T09:57:35+00:00
New upstream version 1.4.1+ds
- - - - -
9b8b6d9a by Georg Faerber at 2025-10-24T09:57:35+00:00
Update upstream source from tag 'upstream/1.4.1+ds'
Update to upstream version '1.4.1+ds'
with Debian dir b2998cc4dac3d4d55d26d10c2dcc30039ed22a56
- - - - -
54b33817 by Georg Faerber at 2025-10-24T09:58:32+00:00
debian/changelog: Debian release 1.4.1+ds-1
- - - - -
18 changed files:
- .gitlab-ci.yml
- configs/tor.yaml
- debian/changelog
- docs/api/helpers.md
- docs/changelog.md
- docs/development.md
- docs/installation.md
- docs/man/README.md
- + docs/man/onionprobe.1
- docs/man/onionprobe.1.txt
- docs/man/onionprobe.1.txt.tmpl
- docs/standalone.md
- docs/structure.md
- packages/manpage.py → packages/manpages.py
- packages/onionprobe/config.py
- packages/onionprobe/metrics.py
- renovate.json
- setup.cfg
Changes:
=====================================
.gitlab-ci.yml
=====================================
@@ -1,181 +1,68 @@
---
+#
+# CI configuration for Onionprobe
+#
+
+#
+# General
+#
+
+# Templates
include:
+ # GitLab pages
- local: '.gitlab-ci-pages.yml'
+
+ # Slide deck building
- local: '.gitlab-ci-slides.yml'
+
+ # APT configuration
- project: tpo/tpa/ci-templates
file: scripts/apt.yml
+ # Debian packaging
+ - project: tpo/onion-services/ci-templates
+ file: onion-services/debian.yml
+
+ # Python packaging
+ - project: tpo/onion-services/ci-templates
+ file: onion-services/python.yml
+
+ # GitLab releases
+ - project: tpo/onion-services/ci-templates
+ file: onion-services/release.yml
+
#
# Python
#
python:
- stage: build
- image: containers.torproject.org/tpo/tpa/base-images/debian:stable
- before_script:
- - !reference [.apt-init]
- script:
- - apt-get update
- - apt-get install -y git
- - git submodule sync
- - git submodule update --init --recursive --depth 1
- - scripts/provision-packaging-python
- - mkdir -p dist
- - make build-python-package
- artifacts:
- paths:
- - dist
- #only:
- # - main
+ !reference [.python]
#
# Debian
#
-.debian-package:
- - apt-get update
- - apt-get install -y git
- - git submodule sync
- - git submodule update --init --recursive --depth 1
- - scripts/provision-packaging-debian
- - make build-debian-test-package
- - mkdir -p dist
- - mv ../onionprobe_* dist
-
debian_stable:
- stage: build
- image: containers.torproject.org/tpo/tpa/base-images/debian:stable
- before_script:
- - !reference [.apt-init]
- script:
- - !reference [.debian-package]
- artifacts:
- paths:
- - dist
- #only:
- # - main
+ !reference [.debian-stable]
debian_sid:
- stage: build
- image: containers.torproject.org/tpo/tpa/base-images/debian:sid
- before_script:
- - !reference [.apt-init]
- script:
- - !reference [.debian-package]
- artifacts:
- paths:
- - dist
- #only:
- # - main
+ !reference [.debian-sid]
ubuntu_lts:
- stage: build
- image: containers.torproject.org/tpo/tpa/base-images/ubuntu:lts
- before_script:
- - !reference [.apt-init]
- script:
- - !reference [.debian-package]
- artifacts:
- paths:
- - dist
- #only:
- # - main
-
-# Chroot inside a GitLab CI job is not working
-# Initially tracked at
-# https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/94
-#sbuild_sid:
-# stage: build
-# image: containers.torproject.org/tpo/tpa/base-images/debian:sid
-# before_script:
-# - !reference [.apt-init]
-# script:
-# - apt-get install -y sbuild mmdebstrap uidmap piuparts lintian autopkgtest build-essential debhelper-compat zstd
-# - apt-get install -y dh-python pybuild-plugin-pyproject python3-setuptools pandoc
-# - mkdir -p ~/.cache/sbuild ~/.config/sbuild
-# - cp configs/sbuild.pl ~/.config/sbuild/config.pl
-# - mmdebstrap --include=ca-certificates --skip=output/dev --variant=buildd unstable ~/.cache/sbuild/unstable-amd64.tar.zst https://deb.debian.org/debian
-# # Adding subuids for root avoids the following errors:
-# #
-# # No entry for root in /etc/subuid
-# # invalid idmap
-# # E: Error creating chroot session: skipping onionprobe
-# - usermod --add-subuids 100000-165535 root
-# - usermod --add-subgids 100000-165535 root
-# - sbuild --verbose
-# tags:
-# - osuosl
-# # Restrict architectures until the following issue is addressed:
-# # https://gitlab.torproject.org/tpo/tpa/base-images/-/issues/3
-# - x86_64
-# #artifacts:
-# # paths:
-# # - dist
-# #only:
-# # - main
-
-#autopkgtest:
-# stage: test
-# image: containers.torproject.org/tpo/tpa/base-images/debian:sid
-# needs:
-# - job: debian_sid
-# artifacts: true
-# before_script:
-# - !reference [.apt-init]
-# script:
-# - apt-get install autopkgtest autodep8 -y
-# - autopkgtest dist/onionprobe_*.deb -- null
+ !reference [.ubuntu-lts]
lintian:
- image: containers.torproject.org/tpo/tpa/base-images/debian:sid
- stage: test
- needs:
- - job: debian_sid
- artifacts: true
- before_script:
- - !reference [.apt-init]
- script:
- - apt-get update
- - apt-get install -y lintian
- - lintian --allow-root -v --pedantic dist/onionprobe_*.deb
- #only:
- # - main
+ !reference [.lintian]
piuparts:
- image: containers.torproject.org/tpo/tpa/base-images/debian:sid
- stage: test
- needs:
- - job: debian_sid
- artifacts: true
- before_script:
- - !reference [.apt-init]
- script:
- - apt-get install piuparts debootstrap -y
- # Manually ignore /var/cache/debconf/tmp.ci.
- # This explicit ignore option might be removed in the future.
- # Details at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092667
- - piuparts --ignore /var/cache/debconf/tmp.ci/ dist/onionprobe_*.deb
- # As of 2025-03-17, this job currently does not run successfully on TPA runners.
- # This constraint might be lifted once the following issue is fixed:
- # https://gitlab.torproject.org/tpo/tpa/team/-/issues/42087
- tags:
- - osuosl
- # Restrict architectures until the following issue is addressed:
- # https://gitlab.torproject.org/tpo/tpa/base-images/-/issues/3
- - x86_64
- # As of 2025-03-25, there's no available runners for this job
- # https://gitlab.torproject.org/tpo/tpa/team/-/issues/41295#note_3177052
- rules:
- - when: never
- #only:
- # - main
+ !reference [.piuparts]
#
# Configuration
#
configs:
- image: containers.torproject.org/tpo/tpa/base-images/debian:stable
+ image: containers.torproject.org/tpo/tpa/base-images/debian:sid
stage: build
before_script:
- !reference [.apt-init]
@@ -199,7 +86,7 @@ configs:
#
#manpage:
-# image: containers.torproject.org/tpo/tpa/base-images/debian:stable
+# image: containers.torproject.org/tpo/tpa/base-images/debian:sid
# stage: build
# before_script:
# - !reference [.apt-init]
@@ -229,6 +116,8 @@ configs:
run_source:
image: containers.torproject.org/tpo/tpa/base-images/debian:sid
stage: test
+ # Retry twice, since Onionprobe might fail due to Tor bootrapping/network errors
+ retry: 2
before_script:
- !reference [.apt-init]
script:
@@ -239,6 +128,8 @@ run_source:
run_python:
image: containers.torproject.org/tpo/tpa/base-images/debian:sid
stage: test
+ # Retry twice, since Onionprobe might fail due to Tor bootrapping/network errors
+ retry: 2
needs:
- job: python
artifacts: true
@@ -254,6 +145,8 @@ run_python:
run_sid:
image: containers.torproject.org/tpo/tpa/base-images/debian:sid
stage: test
+ # Retry twice, since Onionprobe might fail due to Tor bootrapping/network errors
+ retry: 2
needs:
- job: debian_sid
artifacts: true
@@ -286,7 +179,7 @@ promtool:
stage: test
image:
#name: docker.io/prom/prometheus:v3.2.1
- name: quay.io/prometheus/prometheus:v3.2.1
+ name: quay.io/prometheus/prometheus:v3.6.0
entrypoint: [""]
script:
- promtool check config configs/prometheus/prometheus.yml
@@ -297,13 +190,4 @@ promtool:
#
release:
- image: registry.gitlab.com/gitlab-org/release-cli:latest
- stage: .post
- rules:
- # Run this job when a tag is created
- - if: $CI_COMMIT_TAG
- script:
- - echo "Running release_job..."
- release:
- tag_name: '$CI_COMMIT_TAG'
- description: '$CI_COMMIT_TAG'
+ !reference [.release-gitlab]
=====================================
configs/tor.yaml
=====================================
@@ -105,10 +105,10 @@ prometheus_exporter: true
# Prometheus exporter port
prometheus_exporter_port: 9935
-# Max random time in seconds between probing each endpoint
+# Max time in seconds between probing each endpoint
interval: 5
-# Max random time in seconds to wait between each round of tests (a round = a
+# Max time in seconds to wait between each round of tests (a round = a
# pass among all defined endpoints)
sleep: 5
=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+onionprobe (1.4.1+ds-1) unstable; urgency=medium
+
+ * New upstream version.
+
+ -- Georg Faerber <georg at debian.org> Fri, 24 Oct 2025 09:57:55 +0000
+
onionprobe (1.4.0+ds-1) unstable; urgency=medium
* New upstream version. (Closes: #1105177)
=====================================
docs/api/helpers.md
=====================================
@@ -1,8 +1,8 @@
# Helper scripts
-## Manpage generator
+## Manpages generator
-::: packages.manpage
+::: packages.manpages
options:
show_root_toc_entry: false
heading_level: 3
=====================================
docs/changelog.md
=====================================
@@ -1,19 +1,18 @@
# Onionprobe ChangeLog
-## v1.4.0 - 2025-04-08
+## v1.4.1 - 2025-10-21
### Fixes
-* Filter out `SocketClosed` log messages from Stem ([tpo/onion-services/onionprobe!111][]).
+* Generating the manual page during development time
+ ([tpo/onion-services/onionprobe#93][]).
-* Handle `ssl.match_hostname()` deprecation ([tpo/onion-services/onionprobe#107][]).
+* Support for Python 3.14 ([tpo/onion-services/onionprobe#116][]).
-* Fix `CryptographyDeprecationWarning` on TLS certificate handling
- ([tpo/onion-services/onionprobe#92][]).
+[tpo/onion-services/onionprobe#93]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/93
+[tpo/onion-services/onionprobe#116]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/116
-[tpo/onion-services/onionprobe!111]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/merge_requests/111
-[tpo/onion-services/onionprobe#107]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/107
-[tpo/onion-services/onionprobe#92]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/92
+## v1.4.0 - 2025-04-08
### Features
@@ -36,8 +35,32 @@
[tpo/onion-services/onionprobe!107]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/merge_requests/107
[tpo/onion-services/onionprobe!108]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/merge_requests/108
+### Fixes
+
+* Filter out `SocketClosed` log messages from Stem ([tpo/onion-services/onionprobe!111][]).
+
+* Handle `ssl.match_hostname()` deprecation ([tpo/onion-services/onionprobe#107][]).
+
+* Fix `CryptographyDeprecationWarning` on TLS certificate handling
+ ([tpo/onion-services/onionprobe#92][]).
+
+[tpo/onion-services/onionprobe!111]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/merge_requests/111
+[tpo/onion-services/onionprobe#107]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/107
+[tpo/onion-services/onionprobe#92]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/92
+
## v1.3.0 - 2025-03-12
+### Features
+
+* [Standalone monitoring node](standalone.md):
+ * Grafana dashboard got a new time series: number of missing Onion Service
+ descriptors in HSDirs.
+
+* Added tests for the Prometheus configuration
+ ([tpo/onion-services/onionprobe!90][]).
+
+[tpo/onion-services/onionprobe!90]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/merge_requests/90
+
### Fixes
* [Standalone monitoring node](standalone.md):
@@ -59,17 +82,6 @@
[Compose]: https://docs.docker.com/reference/compose-file/
[@gus]: https://gitlab.torproject.org/gus
-### Features
-
-* [Standalone monitoring node](standalone.md):
- * Grafana dashboard got a new time series: number of missing Onion Service
- descriptors in HSDirs.
-
-* Added tests for the Prometheus configuration
- ([tpo/onion-services/onionprobe!90][]).
-
-[tpo/onion-services/onionprobe!90]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/merge_requests/90
-
## v1.2.1 - 2024-11-27
### Features
@@ -220,6 +232,12 @@
## v1.1.2 - 2023-09-28
+### Features
+
+* Debug outer and inner layer descriptor contents.
+
+* Decrease Prometheus certificate expiration alerts to 7 days in advance.
+
### Fixes
* Make the tor process quiet when generating hashed passwords (reported by
@@ -229,12 +247,6 @@
* Minor documentation improvements.
-### Features
-
-* Debug outer and inner layer descriptor contents.
-
-* Decrease Prometheus certificate expiration alerts to 7 days in advance.
-
## v1.1.1 - 2023-04-04
### Fixes
@@ -253,16 +265,6 @@
## v1.1.0 - 2023-04-03
-### Fixes
-
-* Stick to a PostgreSQL docker image:
- See https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/70
-
-* Command-line URL parsing:
- https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/merge_requests/17
-
-* Display default values for most options on `onionprobe --help`.
-
### Features
* Support for Tor metrics Prometheus exporter via `MetricsPort` and `MetricsPortPolicy`
@@ -371,6 +373,16 @@
* CI/CD: added jobs to test building debian and python packages, as well as
configurations and slides.
+### Fixes
+
+* Stick to a PostgreSQL docker image:
+ See https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/70
+
+* Command-line URL parsing:
+ https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/merge_requests/17
+
+* Display default values for most options on `onionprobe --help`.
+
## v1.0.0 - 2022-05-31
### Breaking changes
@@ -428,7 +440,7 @@
### Fixes
-* [x] Stem is unable to find cryptography module when runing from the pip package
+* [x] Stem is unable to find cryptography module when running from the pip package
https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/43
## v0.3.2 - 2022-05-11
@@ -486,7 +498,7 @@ Main issue: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues
Main issue: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/3
-### Enhancements
+### Features
* [x] Python packaging: https://pypi.org/project/onionprobe.
* [x] Support for `--endpoints` command line argument.
=====================================
docs/development.md
=====================================
@@ -10,18 +10,24 @@ Release cycle workflow.
Set the version number:
- ONIONPROBE_VERSION=1.4.0
+ ONIONPROBE_VERSION=1.4.1
Update the version in some files, like:
dch -i # debian/changelog
$EDITOR packages/onionprobe/config.py
- $EDITOR docker-compose.yml
+ $EDITOR docker-compose.yaml
$EDITOR setup.cfg
-### Regenerate the manpage
+### Regenerate the manpages
- make manpage
+Build updated manual pages:
+
+ make manpages
+
+Check:
+
+ man -l docs/man/onionprobe.1
### Register the changes
@@ -50,10 +56,14 @@ Build the Python package:
make build-python-package
-Test this package in a fresh virtual machine. Example:
+Install this package in a fresh virtual machine. Example:
sudo apt-get install -y python3-pip tor
- pip install --break-system-packages dist/onionprobe-$VERSION.whl
+ pip install --break-system-packages \
+ dist/onionprobe-$ONIONPROBE_VERSION-*.whl
+
+Then test it:
+
$HOME/.local/bin/onionprobe --version
$HOME/.local/bin/onionprobe -e \
http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion
@@ -64,26 +74,31 @@ If the package worked, upload it to the [Test PyPI][] instance:
make upload-python-test-package
-Try again the test package by fecthing it from [Test PyPI][], in another fresh
-virtual machine:
+Install again the test package, by fetching it from [Test PyPI][], and in
+another fresh virtual machine:
sudo apt-get install -y python3-pip tor
pip install -i https://pypi.org/simple/ \
--extra-index-url https://test.pypi.org/simple \
--break-system-packages \
onionprobe==$ONIONPROBE_VERSION
- $HOME/.local/bin/onionprobe --version
- $HOME/.local/bin/onionprobe -e \
- http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion
- $HOME/.local/bin/onionprobe -e \
- https://v236xhqtyullodhf26szyjepvkbv6iitrhjgrqj4avaoukebkk6n6syd.onion
-If the the package works as expected,
-upload it to PyPi:
+Do the tests again in this new installation.
+If the the package works as expected, upload it to PyPI:
make upload-python-package
+Finally, install the package one more time, but now fetching it from [PyPI][],
+and in yet another fresh virtual machine:
+
+ sudo apt-get install -y python3-pip tor
+ pip install --break-system-packages \
+ onionprobe==$ONIONPROBE_VERSION
+
+Do the tests once more, in this new installation.
+
[Test PyPI]: https://test.pypi.org
+[PyPI]: https://pypi.org
### Announcement
=====================================
docs/installation.md
=====================================
@@ -126,8 +126,8 @@ mode](standalone.md).
## Running from source
It's also possible to run it directly from the [Git repository][], useful if
-you want to run the [standalone mode](standalone.md), [hack on it](hacking.md)
-or prefer a local installation:
+you want to run the [standalone mode](standalone.md), hack on it or prefer a
+local installation:
git clone https://gitlab.torproject.org/tpo/onion-services/onionprobe
cd onionprobe
=====================================
docs/man/README.md
=====================================
@@ -73,8 +73,7 @@ onion services endpoints and paths, optionally exporting to Prometheus.
options:
-h, --help show this help message and exit
- -c CONFIG, --config CONFIG
- Read options from configuration file. All command line
+ -c, --config CONFIG Read options from configuration file. All command line
parameters can be specified inside a YAML file.
Additional command line parameters override those set
in the configuration file.
@@ -93,7 +92,7 @@ onion services endpoints and paths, optionally exporting to Prometheus.
--descriptor_timeout DESCRIPTOR_TIMEOUT
Timeout in seconds when retrieving an Onion Service
descriptor (default: 30)
- -e [ONION-ADDRESS1 ...], --endpoints [ONION-ADDRESS1 ...]
+ -e, --endpoints [ONION-ADDRESS1 ...]
Add endpoints to the test list
--get_certificate_info, --no-get_certificate_info
Whether to get certificate information when testing
@@ -247,7 +246,7 @@ onion services endpoints and paths, optionally exporting to Prometheus.
onion_service_descriptor:
Onion Service descriptor information, including state and Hidden Service Directory (HSDir) used
onion_service_tls:
- Register miscelaneous TLS information for a given Onion Service, such as version and ciphers
+ Register miscellaneous TLS information for a given Onion Service, such as version and ciphers
onion_service_certificate:
Register miscellaneous TLS certificate information for a given Onion Service, such as version and fingerprints
onion_service_probe_status:
@@ -365,10 +364,10 @@ This is a sample configuration file that can be adapted:
# Prometheus exporter port
prometheus_exporter_port: 9935
- # Max random time in seconds between probing each endpoint
+ # Max time in seconds between probing each endpoint
interval: 5
- # Max random time in seconds to wait between each round of tests (a round = a
+ # Max time in seconds to wait between each round of tests (a round = a
# pass among all defined endpoints)
sleep: 5
@@ -964,7 +963,7 @@ Onionprobe currently has the following limitations:
## SEE ALSO
The *docs/* folder distributed with Onionprobe contains the full documentation,
-which should also be available at <https://tpo.pages.torproject.net/onion-services/onionprobe/>.
+which should also be available at <https://onionservices.torproject.org/apps/web/onionprobe/>.
The Onionprobe source code and all documentation may be downloaded from
<https://gitlab.torproject.org/tpo/onion-services/onionprobe>.
=====================================
docs/man/onionprobe.1
=====================================
@@ -0,0 +1,962 @@
+.\" Automatically generated by Pandoc 3.1.11.1
+.\"
+.TH "ONIONPROBE" "1" "Oct 21, 2025" "Onionprobe User Manual" ""
+.SH NAME
+Onionprobe \- a test and monitoring tool for Onion Services sites
+.SH SYNOPSIS
+onionprobe [\-h] [\-c CONFIG] [\-v] [\[en]circuit_stream_timeout
+CIRCUIT_STREAM_TIMEOUT] [\[en]control_password CONTROL_PASSWORD]
+[\[en]control_port CONTROL_PORT] [\[en]descriptor_max_retries
+DESCRIPTOR_MAX_RETRIES] [\[en]descriptor_timeout DESCRIPTOR_TIMEOUT]
+[\-e [ONION\-ADDRESS1 \&...]] [\[en]get_certificate_info |
+\[en]no\-get_certificate_info] [\[en]http_connect_max_retries
+HTTP_CONNECT_MAX_RETRIES] [\[en]http_connect_timeout
+HTTP_CONNECT_TIMEOUT] [\[en]http_read_timeout HTTP_READ_TIMEOUT]
+[\[en]interval INTERVAL] [\[en]launch_tor | \[en]no\-launch_tor]
+[\[en]log_level LOG_LEVEL] [\[en]loop | \[en]no\-loop]
+[\[en]metrics_port METRICS_PORT] [\[en]metrics_port_policy
+METRICS_PORT_POLICY] [\[en]new_circuit | \[en]no\-new_circuit]
+[\[en]prometheus_exporter | \[en]no\-prometheus_exporter]
+[\[en]prometheus_exporter_port PROMETHEUS_EXPORTER_PORT] [\[en]randomize
+| \[en]no\-randomize] [\[en]rounds ROUNDS] [\[en]shuffle |
+\[en]no\-shuffle] [\[en]sleep SLEEP] [\[en]socks_port SOCKS_PORT]
+[\[en]test_tls_connection | \[en]no\-test_tls_connection]
+[\[en]tls_connect_max_retries TLS_CONNECT_MAX_RETRIES]
+[\[en]tls_connect_timeout TLS_CONNECT_TIMEOUT] [\[en]tls_verify |
+\[en]no\-tls_verify] [\[en]tor_address TOR_ADDRESS]
+.SH DESCRIPTION
+Onionprobe is a tool for testing and monitoring the status of Tor Onion
+Services sites.
+.PP
+It can run a single time or continuously to probe a set of onion
+services endpoints and paths, optionally exporting to Prometheus.
+.SH FULL INVOCATION, OPTIONS, EXAMPLES AND METRICS
+.IP
+.EX
+onionprobe [\-h] [\-c CONFIG] [\-v]
+ [\-\-circuit_stream_timeout CIRCUIT_STREAM_TIMEOUT]
+ [\-\-control_password CONTROL_PASSWORD]
+ [\-\-control_port CONTROL_PORT]
+ [\-\-descriptor_max_retries DESCRIPTOR_MAX_RETRIES]
+ [\-\-descriptor_timeout DESCRIPTOR_TIMEOUT]
+ [\-e [ONION\-ADDRESS1 ...]]
+ [\-\-get_certificate_info | \-\-no\-get_certificate_info]
+ [\-\-http_connect_max_retries HTTP_CONNECT_MAX_RETRIES]
+ [\-\-http_connect_timeout HTTP_CONNECT_TIMEOUT]
+ [\-\-http_read_timeout HTTP_READ_TIMEOUT]
+ [\-\-interval INTERVAL] [\-\-launch_tor | \-\-no\-launch_tor]
+ [\-\-log_level LOG_LEVEL] [\-\-loop | \-\-no\-loop]
+ [\-\-metrics_port METRICS_PORT]
+ [\-\-metrics_port_policy METRICS_PORT_POLICY]
+ [\-\-new_circuit | \-\-no\-new_circuit]
+ [\-\-prometheus_exporter | \-\-no\-prometheus_exporter]
+ [\-\-prometheus_exporter_port PROMETHEUS_EXPORTER_PORT]
+ [\-\-randomize | \-\-no\-randomize] [\-\-rounds ROUNDS]
+ [\-\-shuffle | \-\-no\-shuffle] [\-\-sleep SLEEP]
+ [\-\-socks_port SOCKS_PORT]
+ [\-\-test_tls_connection | \-\-no\-test_tls_connection]
+ [\-\-tls_connect_max_retries TLS_CONNECT_MAX_RETRIES]
+ [\-\-tls_connect_timeout TLS_CONNECT_TIMEOUT]
+ [\-\-tls_verify | \-\-no\-tls_verify] [\-\-tor_address TOR_ADDRESS]
+
+Test and monitor onion services
+
+options:
+ \-h, \-\-help show this help message and exit
+ \-c, \-\-config CONFIG Read options from configuration file. All command line
+ parameters can be specified inside a YAML file.
+ Additional command line parameters override those set
+ in the configuration file.
+ \-v, \-\-version show program\[aq]s version number and exit
+ \-\-circuit_stream_timeout CIRCUIT_STREAM_TIMEOUT
+ Sets how many seconds until a stream is detached from
+ a circuit and try a new circuit (default: 60)
+ \-\-control_password CONTROL_PASSWORD
+ Set Tor control password or use a password prompt
+ (system\-wide Tor service) or auto\-generate a temporary
+ password (built\-in Tor service) (default: None)
+ \-\-control_port CONTROL_PORT
+ Tor control port (default: 19051)
+ \-\-descriptor_max_retries DESCRIPTOR_MAX_RETRIES
+ Max retries when fetching a descriptor (default: 5)
+ \-\-descriptor_timeout DESCRIPTOR_TIMEOUT
+ Timeout in seconds when retrieving an Onion Service
+ descriptor (default: 30)
+ \-e, \-\-endpoints [ONION\-ADDRESS1 ...]
+ Add endpoints to the test list
+ \-\-get_certificate_info, \-\-no\-get_certificate_info
+ Whether to get certificate information when testing
+ TLS/HTTPS endpoints. Requires \-\-test_tls_connection to
+ take effect.
+ \-\-http_connect_max_retries HTTP_CONNECT_MAX_RETRIES
+ Max retries when doing a HTTP/HTTPS connection to an
+ Onion Service (default: 3)
+ \-\-http_connect_timeout HTTP_CONNECT_TIMEOUT
+ Connection timeout for HTTP/HTTPS requests (default:
+ 30)
+ \-\-http_read_timeout HTTP_READ_TIMEOUT
+ Read timeout for HTTP/HTTPS requests (default: 30)
+ \-\-interval INTERVAL Max random interval in seconds between probing each
+ endpoint (default: 60)
+ \-\-launch_tor, \-\-no\-launch_tor
+ Whether to launch it\[aq]s own Tor daemon (set to false to
+ use the system\-wide Tor process)
+ \-\-log_level LOG_LEVEL
+ Log level : debug, info, warning, error or critical
+ (default: info)
+ \-\-loop, \-\-no\-loop Run Onionprobe continuously
+ \-\-metrics_port METRICS_PORT
+ Tor Metrics port (MetricsPort). An empty value means
+ it is disabled
+ \-\-metrics_port_policy METRICS_PORT_POLICY
+ Tor Metrics port policy (MetricsPortPolicy). An empty
+ value means it is disabled\[aq] (default: reject *)
+ \-\-new_circuit, \-\-no\-new_circuit
+ Get a new circuit for every stream
+ \-\-prometheus_exporter, \-\-no\-prometheus_exporter
+ Enable Prometheus exporting functionality
+ \-\-prometheus_exporter_port PROMETHEUS_EXPORTER_PORT
+ Set the Prometheus exporter port (default: 9935)
+ \-\-randomize, \-\-no\-randomize
+ Randomize the interval between each probing
+ \-\-rounds ROUNDS Run only a limited number of rounds (i.e., the number
+ of times that Onionprobe tests all the configured
+ endpoints). Requires the \[dq]loop\[dq] option to be enabled.
+ Set to 0 to disable this limit. (default: 0)
+ \-\-shuffle, \-\-no\-shuffle
+ Shuffle the list of endpoints at each probing round
+ \-\-sleep SLEEP Max random interval in seconds to wait between each
+ round of tests (default: 60)
+ \-\-socks_port SOCKS_PORT
+ Tor SOCKS port (default: 19050)
+ \-\-test_tls_connection, \-\-no\-test_tls_connection
+ Whether to run a specific test for TLS endpoints
+ \-\-tls_connect_max_retries TLS_CONNECT_MAX_RETRIES
+ Max retries when doing a TLS connection to an Onion
+ Service (default: 3)
+ \-\-tls_connect_timeout TLS_CONNECT_TIMEOUT
+ Connection timeout for TLS connections (default: 30)
+ \-\-tls_verify, \-\-no\-tls_verify
+ Whether to verify TLS/HTTPS certificates
+ \-\-tor_address TOR_ADDRESS
+ Tor listening address if the system\-wide service is
+ used (default: 127.0.0.1)
+
+Examples:
+
+ onionprobe \-c configs/tor.yaml
+ onionprobe \-e http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion
+
+Available metrics:
+
+ onionprobe_version:
+ Onionprobe version information
+ onionprobe_state:
+ Onionprobe latest state
+ onionprobe_wait_seconds:
+ Records how long Onionprobe waited between two probes in seconds
+ onion_service_latency_seconds:
+ Register Onion Service connection latency in seconds
+ onion_service_reachable:
+ Register if the Onion Service is reachable: value is 1 for reachability and 0 otherwise
+ onion_service_connection_attempts:
+ Register the number of attempts when trying to connect to an Onion Service in a probing round
+ onion_service_tls_security_level:
+ An integer representing the SSL security level for the context.See SSL_CTX_get_security_level(3) manpage for details.
+ onion_service_status_code:
+ Register Onion Service connection HTTP status code
+ onion_service_unexpected_status_code:
+ Register if an Onion Service connection returned an unexpected HTTP status code: 1 for unexpected and 0 otherwise
+ onion_service_descriptor_latency_seconds:
+ Register Onion Service latency in seconds to get the descriptor
+ onion_service_descriptor_reachable:
+ Register if the Onion Service descriptor is available: value is 1 for reachability and 0 otherwise
+ onion_service_descriptor_fetch_attempts:
+ Register the number of attempts required when trying to get an Onion Service descriptor in a probing round
+ onion_service_descriptor_revision_counter:
+ Register Onion Service descriptor revision counter
+ onion_service_descriptor_lifetime_seconds:
+ Register Onion Service descriptor lifetime in seconds
+ onion_service_descriptor_outer_wrapper_size_bytes:
+ Register Onion Service outer wrapper descriptor size in bytes (decrypted)
+ onion_service_descriptor_second_layer_size_bytes:
+ Register Onion Service second layer descriptor size in bytes (decrypted)
+ onion_service_is_single:
+ Indicates whether the server is using the single hop Onion Service circuit mode: value is 1 if this is a single onion service, 0 otherwise
+ onion_service_introduction_points_number:
+ Register the number of introduction points in the Onion Service descriptor
+ onion_service_pow_enabled:
+ Whether Proof of Work (PoW) defense is enabled in the Onion Service: value is 1 when PoW is enabled, 0 otherwise
+ onion_service_pow_v1_seed:
+ The Proof of Work (PoW) decoded seed for the v1 scheme
+ onion_service_pow_v1_effort:
+ The Proof of Work (PoW) suggested effort for the v1 scheme
+ onion_service_pow_v1_expiration_seconds:
+ The Proof of Work (PoW) seed expiration time for the v1 scheme
+ onion_service_pattern_matched:
+ Register whether a regular expression pattern is matched when connection to the Onion Service: value is 1 for matched pattern and 0 otherwise
+ onion_service_valid_certificate:
+ Register whether the Onion Service HTTPS certificate is valid: value is 1, 0 for invalid, 2 for untested. Only for sites reachable using HTTPS
+ onion_service_certificate_not_valid_before_timestamp_seconds:
+ Register the beginning of the validity period of the certificate in UTC.This does not mean necessarily that the certificate is CA\-validated.Value is represented as a POSIX timestamp
+ onion_service_certificate_not_valid_after_timestamp_seconds:
+ Register the end of the validity period of the certificate in UTC.This does not mean necessarily that the certificate is CA\-validated.Value is represented as a POSIX timestamp
+ onion_service_certificate_expiry_seconds:
+ Register how many seconds are left before the certificate expire.Negative values indicate how many seconds passed after the certificate already expired.
+ onion_service_certificate_match_hostname:
+ Register whether a provided server certificate matches the server hostname in a TLS connection: value is 1 for matched hostname and 0 otherwise. Check is done both on the commonName and subjectAltName fields. A value of 1 does not mean necessarily that the certificate is CA\-validated.
+ hsdir_latency_seconds:
+ Register HSDir latency in seconds to fetch a descriptor
+ onion_service_fetch_requests:
+ Counts the total number of requests to access an Onion Service
+ onion_service_fetch_error:
+ Counts the total number of errors when fetching an Onion Service
+ onion_service_descriptor_fetch_requests:
+ Counts the total number of requests to fetch an Onion Service descriptor
+ onion_service_descriptor_fetch_error:
+ Counts the total number of errors when fetching an Onion Service descriptor
+ onion_service_generic_error:
+ Counts the total number of errors not tracked by other metrics
+ onion_service_request_exception:
+ Counts the total number of Onion Service general exception errors
+ onion_service_connection_error:
+ Counts the total number of Onion Service connection errors
+ onion_service_http_error:
+ Counts the total number of Onion Service HTTP errors
+ onion_service_too_many_redirects:
+ Counts the total number of Onion Service too many HTTP redirect errors
+ onion_service_connection_timeout:
+ Counts the total number of Onion Service connection timeouts
+ onion_service_read_timeout:
+ Counts the total number of Onion Service read timeouts
+ onion_service_timeout:
+ Counts the total number of Onion Service timeouts
+ onion_service_certificate_error:
+ Counts the total number of HTTPS certificate validation errors
+ onion_service_descriptor:
+ Onion Service descriptor information, including state and Hidden Service Directory (HSDir) used
+ onion_service_tls:
+ Register miscellaneous TLS information for a given Onion Service, such as version and ciphers
+ onion_service_certificate:
+ Register miscellaneous TLS certificate information for a given Onion Service, such as version and fingerprints
+ onion_service_probe_status:
+ Register information about the last test made to a given Onion Service, including POSIX timestamp
+.EE
+.SH CONFIGURATION FILE FORMAT
+This is a sample configuration file that can be adapted:
+.IP
+.EX
+\-\-\-
+# Sample config file for Onionprobe
+#
+# Copyright (C) 2022 The Tor Project, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Log level: debug, info, warning, error or critical
+log_level: \[aq]info\[aq]
+
+# Whether to launch it\[aq]s own Tor daemon (set to false to use the system\-wide Tor service)
+launch_tor: true
+
+# Tor listening address if the system\-wide service is used
+#tor_address: \[aq]tor\[aq]
+tor_address: \[aq]127.0.0.1\[aq]
+
+# Tor SOCKS port
+#
+# Use a non\-default Tor SOCKS port to avoid conflict with any existing
+# system\-wide Tor process listening at TCP port 9050.
+#socks_port: 9050
+socks_port: 19050
+
+# Tor control port
+#
+# Use a non\-default Tor control port to avoid conflict with any existing
+# system\-wide Tor process listening at TCP port 9051.
+#control_port: 9051
+control_port: 19051
+
+# Tor control password
+#
+# Set to false to
+#
+# * Use a temporary auto\-generated password when using the built\-in Tor
+# service.
+# * Show a password prompt when using the system\-wide Tor service.
+#
+# Do not use the example value in production, as this password is available
+# publicly
+#control_password: false
+#control_password: \[aq]hackedpasswdbSkUMOr2vIlL5u2YEMA1YpwKj08\[aq]
+
+# Whether to run continuously
+loop: true
+
+# Tor Metrics port (MetricsPort)
+# An empty value means it is disabled
+#
+# WARNING: Before enabling this, it is important to understand that exposing
+# tor metrics publicly is dangerous to the Tor network users. Please take extra
+# precaution and care when opening this port. Set a very strict access policy
+# with \[ga]metrics_port_policy\[ga] and consider using your operating systems firewall
+# features for defense in depth.
+#
+# We recommend, for the prometheus format, that the only address that can
+# access this port should be the Prometheus server itself. Remember that the
+# connection is unencrypted (HTTP) hence consider using a tool like stunnel to
+# secure the link from this port to the server.
+#
+# Example settings for the metrics_port parameter:
+#
+# metrics_port: \[aq]9936\[aq] # localhost only on port 9936
+# metrics_port: \[aq]0.0.0.0:9936\[aq] # binds to all IPv4 addresses in the host
+#
+metrics_port: \[aq]\[aq]
+
+# Tor Metrics port policy (MetricsPortPolicy)
+# An empty value means it is disabled
+#
+# Example settings for the metrics_port_policy parameter:
+#
+# metrics_port_policy: \[aq]accept 172.19.0.100\[aq]
+# metrics_port_policy: \[aq]accept 127.0.0.1,accept 172.19.0.100\[aq]
+# metrics_port_policy: \[aq]accept *\[aq]
+#
+# This should work by default for Docker containers in the 172.16.0.0/12 subnet
+# (not recommended):
+#
+# metrics_port_policy: \[aq]accept 172.16.0.0/12\[aq]
+#
+# This should work by default for a local network, including local Docker
+# containers (not recommended):
+#
+# metrics_port_policy: \[aq]accept 192.168.0.0/16,accept 10.0.0.0/8,accept 172.16.0.0/12\[aq]
+#
+metrics_port_policy: \[aq]reject *\[aq]
+
+# Whether to enable Prometheus exporter functionality
+# Setting it to true automatically enables countinuos run (loop)
+prometheus_exporter: true
+
+# Prometheus exporter port
+prometheus_exporter_port: 9935
+
+# Max time in seconds between probing each endpoint
+interval: 5
+
+# Max time in seconds to wait between each round of tests (a round = a
+# pass among all defined endpoints)
+sleep: 5
+
+# Whether to shuffle list to scramble the ordering of the probe to avoid
+# the endpoint list to be guessed by a third party.
+#
+# This shuffles the list every time Onionprobe starts a new round of
+# tests.
+shuffle: true
+
+# Whether to randomize both the interval and the sleep time for privacy
+# concerns and to avoid systematic errors
+randomize: true
+
+# Run only a limited number of rounds (i.e., the number of times that
+# Onionprobe tests all the configured endpoints).
+# Requires the \[dq]loop\[dq] option to be enabled.
+# Set to 0 to disable this limit.
+rounds: 0
+
+# Max retries when fetching a descriptor
+# By default it is set to the number of HSDirs the client usually fetch minus one
+# See discussion at https://gitlab.torproject.org/tpo/network\-health/analysis/\-/issues/28
+descriptor_max_retries: 5
+
+# Timeout in seconds when retrieving an Onion Service descriptor
+descriptor_timeout: 30
+
+# Connection timeout for HTTP/HTTPS requests
+http_connect_timeout: 30
+
+# Max retries when doing a HTTP/HTTPS connection to an Onion Service
+http_connect_max_retries: 3
+
+# Read timeout for HTTP/HTTPS requests
+http_read_timeout: 30
+
+# Whether to get a new circuit for every stream
+new_circuit: false
+
+# Sets how many seconds until a stream is detached from a circuit and try a new
+# circuit (CircuitStreamTimeout Tor daemon config)
+circuit_stream_timeout: 60
+
+# Whether to verify TLS/HTTPS certificates
+tls_verify: true
+
+# Whether to run a specific test for TLS endpoints
+test_tls_connection: true
+
+# Whether to get certificate information when testing TLS/HTTPS endpoints.
+# Requires \[dq]test_tls_connection\[dq] set to true to take effect.
+get_certificate_info: true
+
+# Connection timeout for TLS connections
+tls_connect_timeout: 30
+
+# Max retries when doing a TLS connection to an Onion Service
+tls_connect_max_retries: 3
+
+# The list of endpoints to be tested
+endpoints:
+ # Using addresses from https://onion.torproject.org
+ www.torproject.org:
+ address: \[aq]2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion\[aq]
+ protocol: \[aq]http\[aq]
+ port: 80
+ paths:
+ \- path : \[aq]/\[aq]
+ # Specifying a per\-path pattern makes Onionprobe look for it in the
+ # request and hence operating like a basic check if the endpoint
+ # is operational.
+ #
+ # Accepts patterns using Python\[aq]s regex format
+ pattern: \[aq]Tor Project\[aq]
+
+ # The allowed HTTP status codes for this endpoint
+ # Any code not in this list will set an unexpected status code metric
+ allowed_statuses:
+ \- 200
+ 2019.www.torproject.org:
+ address: jqyzxhjk6psc6ul5jnfwloamhtyh7si74b4743k2qgpskwwxrzhsxmad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ alertmanager1.torproject.org:
+ address: sbgubiq7c3r7zp22gnl4pjfwisk2plbxwhbwcluwjegbxzwhq7a2ucyd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ alertmanager2.torproject.org:
+ address: uqduzmqiesrjqw2n7rc66h267mmbsxzacohrfhpoxm746wa46yh25jqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ archive.torproject.org:
+ address: uy3qxvwzwoeztnellvvhxh7ju7kfvlsauka7avilcjg7domzxptbq7qd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ aus1.torproject.org:
+ address: ot3ivcdxmalbsbponeeq5222hftpf3pqil24q3s5ejwo5t52l65qusid.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ aus2.torproject.org:
+ address: b5t7emfr2rn3ixr4lvizpi3stnni4j4p6goxho7lldf4qg4hz5hvpqid.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ blog.torproject.org:
+ address: pzhdfe7jraknpj2qgu5cz2u3i4deuyfwmonvzu5i3nyw4t4bmg7o5pad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ bridges.torproject.org:
+ address: yq5jjvr7drkjrelzhut7kgclfuro65jjlivyzfmxiq2kyv5lickrl4qd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ cloud.torproject.org:
+ address: ui3cpcohcoko6aydhuhlkwqqtvadhaflcc5zb7mwandqmcal7sbwzwqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ collector.torproject.org:
+ address: pgmrispjerzzf2tdzbfp624cg5vpbvdw2q5a3hvtsbsx25vnni767yad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ collector2.torproject.org:
+ address: urscdffm73o4y6hpp3r43bgmudq42hq2ibdpkld6a7hy3qa44qbvc2yd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ community.torproject.org:
+ address: xmrhfasfg5suueegrnc4gsgyi2tyclcy5oz7f5drnrodmdtob6t2ioyd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ consensus\-health.torproject.org:
+ address: tkskz5dkjel4xqyw5d5l3k52kgglotwn6vgb5wrl2oa5yi2szvywiyid.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ crm.torproject.org:
+ address: 6ojylpznauimd2fga3m7g24vd7ebkzlemxdprxckevqpzs347ugmynqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 401
+ path: /
+ port: 80
+ protocol: http
+ db.torproject.org:
+ address: epnxy4oscv3yh2fjwfrvctnjsmj5ta5uxdkq6k2ce7borqvcsk4qxhid.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ deb.torproject.org:
+ address: apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ dev.crm.torproject.org:
+ address: eewp4iydzyu2a5d6bvqadadkozxdbhsdtmsoczu2joexfrjjsheaecad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ dist.torproject.org:
+ address: scpalcwstkydpa3y7dbpkjs2dtr7zvtvdbyj3dqwkucfrwyixcl5ptqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ exonerator.torproject.org:
+ address: pm46i5h2lfewyx6l7pnicbxhts2sxzacvsbmqiemqaspredf2gm3dpad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ extra.torproject.org:
+ address: kkr72iohlfix5ipjg776eyhplnl2oiv5tz4h2y2bkhjix3quafvjd5ad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ forum.torproject.org:
+ address: v236xhqtyullodhf26szyjepvkbv6iitrhjgrqj4avaoukebkk6n6syd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 443
+ protocol: https
+ gitlab.torproject.org:
+ address: eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ grafana1.torproject.org:
+ address: 7zjnw5lx2x27rwiocxkqdquo7fawj46mf2wiu2l7e6z6ng6nivmdxnad.onion
+ paths:
+ \- allowed_statuses:
+ \- 401
+ path: /
+ port: 80
+ protocol: http
+ grafana2.torproject.org:
+ address: f3vd6fyiccuppybkxiblgigej3pfvvqzjnhd3wyv7h4ee5asawf2fhqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 401
+ path: /
+ port: 80
+ protocol: http
+ ircbouncer.torproject.org:
+ address: moz5kotsnjony4oxccxfo4lwk3pvoxmdoljibhgoonzgzjs5oemtjmqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ karma1.torproject.org:
+ address: t5z367d2omuewjvrwqsdd2bixlh6dektuf2hhe2hc2tpvk4bosb4u4yd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ karma2.torproject.org:
+ address: h6necup44ztozsqs3my6g5pjljptqnm4auqrqcy6jdctoqvznmvh3qqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ lists\-01.torproject.org:
+ address: e6r6heg2ucmlm2po5yrxzf6k23ta5wwbt2adogjcyntlaiopytjz35yd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ metrics\-api.torproject.org:
+ address: yc3galza3gejn3taziuhhgrwt4bdtwmom25zby7jphfwbeirvkmcdvqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ metrics\-db.torproject.org:
+ address: lk6lj36rfj32u2rjceujj3o7otgujm6fw5hyyxr6jko6pkfasb2z6eid.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ metrics.torproject.org:
+ address: hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ moat.torproject.org:
+ address: z7m7ogzdhu43nosvjtsuplfmuqa3ge5obahixydhmzdox6owwxfoxzid.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ newsletter.torproject.org:
+ address: a4ygisnerpgtc5ayerl22pll6cls3oyj54qgpm7qrmb66xrxts6y3lyd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ nightlies.tbb.torproject.org:
+ address: umj4zbqdfcyevlkgqgpq6foxk3z75zzxsbgt5jqmfxofrbrjh3crbnad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ nyx.torproject.org:
+ address: 3ewfgrt4gzfccp6bnquhqb266r3zepiqpnsk3falwygkegtluwuyevid.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ onion.torproject.org:
+ address: xao2lxsmia2edq2n5zxg6uahx6xox2t7bfjw6b5vdzsxi7ezmqob6qid.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ onionservices.torproject.org:
+ address: ttevhjjsjxz6uqqcjkbig5cycd7n7xv7cmd6f5fcvrqaaa7f3bj36wad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ openpgpkey.torproject.org:
+ address: 2yldcptk56shc7lwieozoglw3t5ghty7m6mf2faysvfnzccqavbu2mad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ people.torproject.org:
+ address: 5ecey6oe4rocdsfoigr4idu42cecm2j7zfogc3xc7kfn4uriehwrs6qd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ prometheus1.torproject.org:
+ address: ydok5jiruh3ak6hcfdlm2g7iuraaxcomeckj2nucjsxif6qmrrda2byd.onion
+ paths:
+ \- allowed_statuses:
+ \- 401
+ path: /
+ port: 80
+ protocol: http
+ prometheus2.torproject.org:
+ address: vyo6yrqhl3by7d6n5t6hjkflaqbarjpqjnvapr5u5rafk4imnfrmcjyd.onion
+ paths:
+ \- allowed_statuses:
+ \- 401
+ path: /
+ port: 80
+ protocol: http
+ rbm.torproject.org:
+ address: nkuz2tpok7ctwd5ueer5bytj3bm42vp7lgjcsnznal3stotg6vyaakyd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ rdsys\-moat.torproject.org:
+ address: jcbdm4biw3aac57snk34brzc5fghbszrzde47idnlanj6kf6jmocdgqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ research.torproject.org:
+ address: xhqthou6scpfnwjyzc3ekdgcbvj76ccgyjyxp6cgypxjlcuhnxiktnqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ review.torproject.net:
+ address: zhkhhhnppc5k6xju7n25rjba3wuip73jnodicxl65qdpchrwvvsilcyd.onion
+ paths:
+ \- allowed_statuses:
+ \- 401
+ path: /
+ port: 80
+ protocol: http
+ rpm.torproject.org:
+ address: 4ayyzfoh5qdrokqaejis3rdredhvf22n3migyxfudpkpunngfc7g4lqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ snowflake.torproject.org:
+ address: oljlphash3bpqtrvqpr5gwzrhroziw4mddidi5d2qa4qjejcbrmoypqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ spec.torproject.org:
+ address: i3xi5qxvbrngh3g6o7czwjfxwjzigook7zxzjmgwg5b7xnjcn5hzciad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ staging.crm.torproject.org:
+ address: pt34uujusar4arrvsqljndqlt7tck2d5cosaav5xni4nh7bmvshyp2yd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ status.torproject.org:
+ address: eixoaclv7qvnmu5rolbdwba65xpdiditdoyp6edsre3fitad777jr3ad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ stem.torproject.org:
+ address: mf34jlghauz5pxjcmdymdqbe5pva4v24logeys446tdrgd5lpsrocmqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ styleguide.torproject.org:
+ address: 7khzpw47s35pwo3lvtctwf2szvnq3kgglvzc22elx7of2awdzpovqmqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ submission.torproject.org:
+ address: givpjczyrb5jjseful3o5tn3tg7tidbu4gydl4sa5ekpcipivqaqnpad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ support.torproject.org:
+ address: rzuwtpc4wb3xdzrj3yeajsvm3fkq4vbeubm2tdxaqruzzzgs5dwemlad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ survey.torproject.org:
+ address: eh5esdnd6fkbkapfc6nuyvkjgbtnzq2is72lmpwbdbxepd2z7zbgzsqd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ svn\-archive.torproject.org:
+ address: b63iq6es4biaawfilwftlfkw6a6putogxh4iakei2ioppb7dsfucekyd.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ tagtor.torproject.org:
+ address: lx75vwrdgdgzpnnewquw2kngajieq6lqbblawoufjkf6fyqexhu4iiad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ tb\-manual.torproject.org:
+ address: dsbqrprgkqqifztta6h3w7i2htjhnq7d3qkh3c7gvc35e66rrcv66did.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ test\-data.tbb.torproject.org:
+ address: umbk3kbgov4ekg264yulvbrpykfye7ohguqbds53qn547mdpt6o4qkad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ test.crm.torproject.org:
+ address: a4d52y2erv4eijii66cpnyqn7rsnnq3gmtrsdxzt2laoutvu4gz7fwid.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+ www.onion\-router.net:
+ address: tttyx2vwp7ihml3vkhywwcizv6nbwrikpgeciy3qrow7l7muak2pnhad.onion
+ paths:
+ \- allowed_statuses:
+ \- 200
+ path: /
+ port: 80
+ protocol: http
+.EE
+.SH EXIT STATUS
+If any tested endpoint had a failure on any probing, then the exit
+status is 1.
+Otherwise, the exit status is 0.
+.SH FILES
+.TP
+/etc/onionprobe
+System\-wide Onionprobe configuration files.
+.SH LIMITATIONS
+Onionprobe currently has the following limitations:
+.IP "1." 3
+Only works for Onion Services websites, i.e, those served via either
+HTTP or HTTPS.
+.IP "2." 3
+Currently Onionprobe probes runs in a single thread.
+.IP "3." 3
+For other limitations, check the list of issues available at the
+Onionprobe source code repository.
+.SH SEE ALSO
+The \f[I]docs/\f[R] folder distributed with Onionprobe contains the full
+documentation, which should also be available at \c
+.UR https://onionservices.torproject.org/apps/web/onionprobe/
+.UE \c
+\&.
+.PP
+The Onionprobe source code and all documentation may be downloaded from
+\c
+.UR https://gitlab.torproject.org/tpo/onion-services/onionprobe
+.UE \c
+\&.
+.SH AUTHORS
+Silvio Rhatto \c
+.MT rhatto at torproject.org
+.ME \c.
=====================================
docs/man/onionprobe.1.txt
=====================================
@@ -1,6 +1,6 @@
% ONIONPROBE(1) Onionprobe User Manual
% Silvio Rhatto <rhatto at torproject.org>
-% Apr 08, 2025
+% Oct 21, 2025
# NAME
@@ -75,8 +75,7 @@ onion services endpoints and paths, optionally exporting to Prometheus.
options:
-h, --help show this help message and exit
- -c CONFIG, --config CONFIG
- Read options from configuration file. All command line
+ -c, --config CONFIG Read options from configuration file. All command line
parameters can be specified inside a YAML file.
Additional command line parameters override those set
in the configuration file.
@@ -95,7 +94,7 @@ onion services endpoints and paths, optionally exporting to Prometheus.
--descriptor_timeout DESCRIPTOR_TIMEOUT
Timeout in seconds when retrieving an Onion Service
descriptor (default: 30)
- -e [ONION-ADDRESS1 ...], --endpoints [ONION-ADDRESS1 ...]
+ -e, --endpoints [ONION-ADDRESS1 ...]
Add endpoints to the test list
--get_certificate_info, --no-get_certificate_info
Whether to get certificate information when testing
@@ -249,7 +248,7 @@ onion services endpoints and paths, optionally exporting to Prometheus.
onion_service_descriptor:
Onion Service descriptor information, including state and Hidden Service Directory (HSDir) used
onion_service_tls:
- Register miscelaneous TLS information for a given Onion Service, such as version and ciphers
+ Register miscellaneous TLS information for a given Onion Service, such as version and ciphers
onion_service_certificate:
Register miscellaneous TLS certificate information for a given Onion Service, such as version and fingerprints
onion_service_probe_status:
@@ -367,10 +366,10 @@ This is a sample configuration file that can be adapted:
# Prometheus exporter port
prometheus_exporter_port: 9935
- # Max random time in seconds between probing each endpoint
+ # Max time in seconds between probing each endpoint
interval: 5
- # Max random time in seconds to wait between each round of tests (a round = a
+ # Max time in seconds to wait between each round of tests (a round = a
# pass among all defined endpoints)
sleep: 5
@@ -966,7 +965,7 @@ Onionprobe currently has the following limitations:
# SEE ALSO
The *docs/* folder distributed with Onionprobe contains the full documentation,
-which should also be available at <https://tpo.pages.torproject.net/onion-services/onionprobe/>.
+which should also be available at <https://onionservices.torproject.org/apps/web/onionprobe/>.
The Onionprobe source code and all documentation may be downloaded from
<https://gitlab.torproject.org/tpo/onion-services/onionprobe>.
=====================================
docs/man/onionprobe.1.txt.tmpl
=====================================
@@ -53,7 +53,7 @@ Onionprobe currently has the following limitations:
# SEE ALSO
The *docs/* folder distributed with Onionprobe contains the full documentation,
-which should also be available at <https://tpo.pages.torproject.net/onion-services/onionprobe/>.
+which should also be available at <https://onionservices.torproject.org/apps/web/onionprobe/>.
The Onionprobe source code and all documentation may be downloaded from
<https://gitlab.torproject.org/tpo/onion-services/onionprobe>.
=====================================
docs/standalone.md
=====================================
@@ -252,7 +252,7 @@ metrics_port_policy: 'accept 172.16.0.0/12'
Another basic, **non-recommended** example:
```yaml
-# The folloing should work by default for a local network, including local
+# The following should work by default for a local network, including local
# containers (not recommended):
metrics_port: '0.0.0.0:9936'
metrics_port_policy: 'accept 192.168.0.0/16,accept 10.0.0.0/8,accept 172.16.0.0/12'
=====================================
docs/structure.md
=====================================
@@ -2,7 +2,7 @@
Relevant folders and files in this repository:
-* `configs`: miscelaneous configurations.
+* `configs`: miscellaneous configurations.
* `contrib`: folder reserved for storing contributed code and configuration.
* `containers`: container configurations.
* `debian`: debian packaging.
=====================================
packages/manpage.py → packages/manpages.py
=====================================
@@ -22,8 +22,19 @@
import os
import datetime
import re
+
from onionprobe.config import cmdline_parser, basepath
+manpages = {
+ 'onionprobe': {
+ 'parser' : cmdline_parser(),
+ 'template': os.path.join(basepath, 'docs', 'man', 'onionprobe.1.txt.tmpl'),
+ 'output' : os.path.join(basepath, 'docs', 'man', 'onionprobe.1.txt'),
+ 'config' : os.path.join(
+ basepath, 'configs', 'tor.yaml'),
+ },
+ }
+
def remove_usage_prefix(text):
"""
Simply removes the "usage: " string prefix from a text.
@@ -62,29 +73,33 @@ def generate():
"""
- # Set inputs and outputs
- template = os.path.join(basepath, 'docs', 'man', 'onionprobe.1.txt.tmpl')
- output = os.path.join(basepath, 'docs', 'man', 'onionprobe.1.txt')
- config = os.path.join(basepath, 'configs', 'tor.yaml')
-
# Assume a 80 columm terminal to compile the usage and help texts
os.environ["COLUMNS"] = "80"
- # Initialize the command line parser
- parser = cmdline_parser()
+ # Iterate over all manual pages to be built
+ for man in manpages:
+ # Initialize the command line parser
+ parser = manpages[man]['parser']
+
+ # Compile template variables
+ usage = remove_usage_prefix(parser.format_usage())
+ invocation = remove_usage_prefix(format_as_markdown_verbatim(parser.format_help()))
+ date = datetime.datetime.now().strftime('%b %d, %Y')
+ config = ''
- # Compile template variables
- usage = remove_usage_prefix(parser.format_usage())
- invocation = remove_usage_prefix(format_as_markdown_verbatim(parser.format_help()))
- date = datetime.datetime.now().strftime('%b %d, %Y')
+ if manpages[man]['config'] != '':
+ with open(manpages[man]['config'], 'r') as config_file:
+ config = format_as_markdown_verbatim(config_file.read())
- with open(template, 'r') as template_file:
- with open(config, 'r') as config_file:
- with open(output, 'w') as output_file:
+ with open(manpages[man]['template'], 'r') as template_file:
+ with open(manpages[man]['output'], 'w') as output_file:
contents = template_file.read()
- config = format_as_markdown_verbatim(config_file.read())
- output_file.write(contents.format(date=date, usage=usage, invocation=invocation, config=config))
+ output_file.write(contents.format(
+ date=date,
+ usage=usage,
+ invocation=invocation,
+ config=config))
# Process from CLI
if __name__ == "__main__":
=====================================
packages/onionprobe/config.py
=====================================
@@ -20,6 +20,7 @@
# Dependencies
import os
+import sys
import argparse
try:
@@ -31,7 +32,7 @@ except ImportError:
# The Onionprobe version string
# Uses Semantic Versioning 2.0.0
# See https://semver.org
-onionprobe_version = '1.4.0'
+onionprobe_version = '1.4.1'
# The base path for this project
basepath = os.path.join(os.path.dirname(os.path.abspath(__file__)), os.pardir, os.pardir) + os.sep
@@ -277,7 +278,14 @@ def cmdline_parser():
parser.add_argument('-e', '--endpoints', nargs='*', help='Add endpoints to the test list', metavar="ONION-ADDRESS1")
else:
- config[argument]['type'] = type(config[argument]['default'])
+ # Handle the type argument
+ if isinstance(config[argument]['default'], bool):
+ # Type argument became deprecated on Python 3.12, and was removed on Python 3.14
+ # Details at https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/116
+ if sys.version_info < (3, 12):
+ config[argument]['type'] = type(config[argument]['default'])
+ else:
+ config[argument]['type'] = type(config[argument]['default'])
if not isinstance(config[argument]['default'], bool) and config[argument]['default'] != '':
config[argument]['help'] += ' (default: %(default)s)'
=====================================
packages/onionprobe/metrics.py
=====================================
@@ -468,7 +468,7 @@ metrics = {
'onion_service_tls': Info(
'onion_service_tls',
- 'Register miscelaneous TLS information for a given Onion Service, ' + \
+ 'Register miscellaneous TLS information for a given Onion Service, ' + \
'such as version and ciphers',
['name', 'address', 'port'],
),
=====================================
renovate.json
=====================================
@@ -2,5 +2,8 @@
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base"
- ]
+ ],
+ "git-submodules": {
+ "enabled": true
+ }
}
=====================================
setup.cfg
=====================================
@@ -1,6 +1,6 @@
[metadata]
name = onionprobe
-version = 1.4.0
+version = 1.4.1
url = https://onionservices.torproject.org/apps/web/onionprobe
author = Silvio Rhatto
author_email = rhatto at torproject.org
View it on GitLab: https://salsa.debian.org/pkg-privacy-team/onionprobe/-/compare/99a7c3fa5a1663a5f5886f97632d3995a56e30ef...54b338175c89886482df308b613fd17b97e9dc16
--
View it on GitLab: https://salsa.debian.org/pkg-privacy-team/onionprobe/-/compare/99a7c3fa5a1663a5f5886f97632d3995a56e30ef...54b338175c89886482df308b613fd17b97e9dc16
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-privacy-commits/attachments/20251024/b3a6de59/attachment-0001.htm>
More information about the Pkg-privacy-commits
mailing list