Pin dependencies from homebrew package, fix travis

[anadahz]

Newest Twisted version breaks ooniprobe web GUI downgrading to a known
good version, related issues:

• Twisted 19.2.0 assumes http headers are of string type scrapy/scrapyd#311
• ooniprobe is not running and web interface fails to load decks and recent results TheTorProject/lepidopter#106

[hellais]

There seems to be a problem with the CI which is failing due to:

$ gpg --keyserver keyserver.ubuntu.com --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg: requesting key 886DDD89 from hkp server keyserver.ubuntu.com
gpg: packet(13) too large
gpg: read_block: read error: invalid packet
gpg: Total number processed: 0
gpg: no valid OpenPGP data found.
The command "gpg --keyserver keyserver.ubuntu.com --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89" failed and exited with 2 during .

This should be fixed before we merge this.

[bassosimone]

Just a request for information to better understand the diff :-)

[hellais]

I suggest, that if we would like to make a new release of OONI Probe legacy with these dependency changes, that the requirements.txt is updated to pin all the python deps to a specific "known to work" version.

A good reference for that could be the macOS homebrew package:
https://github.com/Homebrew/homebrew-core/blob/master/Formula/ooniprobe.rb

[hellais]

Quick and dirty onliner to extract the requirements.txt via this one-liner cat clean.txt| grep url | cut -d '/' -f8 | sed s/'.tar.gz"'// | awk -F '-' '{ print "$1 $2"}' (please double check this):

setuptools>=11.3

cffi==1.9.1
enum34==1.1.6
pyasn1==0.2.3
pycparser==2.17
appdirs==1.4.3
asn1crypto==0.21.1
attrs==16.3.0
Automat==0.5.0
certifi==2017.1.23
constantly==15.1.0
cryptography==1.8.1
GeoIP==1.3.2
idna==2.5
incremental==16.10.1
ipaddr==2.1.11
ipaddress==1.0.18
klein==17.2.0
packaging==16.8
Parsley==1.3
pyasn1-modules==0.0.8
pyOpenSSL==16.2.0
pyparsing==2.2.0
pypcap==1.2.2
pydumbnet==1.12.1
PyYAML==3.12
scapy==2.3.3
service_identity==16.0.0
six==1.10.0
Twisted==17.1.0
txsocksx==1.15.0.2
txtorcon==0.18.0
Werkzeug==0.12
zope.interface==4.3.3

[hellais]

Comparing #57 (comment) with requirements.txt in the repo I see missing: {'geoip', 'pydumbnet', 'service-identity', 'setuptools'} where service_identity and service-identity are the same thing. geoip is a parser error so you should double check the requirements.txt and pydumbnet is the only one actually missing, since in homebrew it comes from another package. setuptools I think we should not pin and just leave as-is since that is something that may break systems and it’s fine to use whatever the system has already.

[anadahz]

Thanks for looking into it.

pyasn1==modules

Should be pyasn1==modules-0.0.8

scapy==2.3.3.tgz

Small typo, correct: scapy==2.3.3

I will also compare with my install and try with these pinned dependencies.

[anadahz]

Cross checking in 2 different Linux installations.

pyasn1==0.2.3

This is a very low version, min encountered version: 0.4.4

certifi==2017.1.23

This is a very low version, min encountered version: 2018.8.24

ipaddr==2.1.11

Version: `2.2.0

klein==17.2.0

This is a very low version, min encountered version: 17.10.0

pyOpenSSL==16.2.0

This is a very low version, min encountered version: 18.0.0

PyYAML==3.12

Version: 3.13

scapy==2.3.3.tgz

Min encountered version Version: 2.4.0

Twisted==17.1.0

Min encountered version Version: 18.7.0

zope.interface==4.3.3

Min encountered version: 4.5.5

[hellais]

These linux installations you looked at had OONI Probe installed in which way?

If these installs were done with pip (I am assuming that is the case), then the dependencies will just be a result of the point in time in which you did the installation so I am not really sure it's useful to do this check this way.

My suggestion is we use the pinned versions in macOS (even if they are old, because they are tested by many active installs) and you check that with these versions it works without any problems on linux.

[anadahz]

These linux installations you looked at had OONI Probe installed in which way?

These are 2 active ooniprobe installations that submit daily measurements and are not be working well.

My suggestion is we use the pinned versions in macOS (even if they are old, because they are tested by many active installs) and you check that with these versions it works without any problems on linux.

I don't think that I can test this thoroughly. As you know we happen to find many issues much later in measurements.

Can you confirm that you current macOS installation runs with said dependencies?
@sbs Your tests will be also very useful here.

[bassosimone]

@anadahz brew install ooniprobe just works for me, i.e., it gives me a working binary.

[anadahz]

@anadahz brew install ooniprobe just works for me, i.e., it gives me a working binary.

Nice thanks, can you run a full ooniprobe cycle; all ooniprobe tests and check if there is anything that errors?

Travis still errors, I will a last test with the same dependencies as in the homebrew version.

[anadahz]

In dc8d861 I do version pinning according to the homebrew package versions, however this commit errors on dependency issues:

Installed /home/travis/virtualenv/python2.7.15/lib/python2.7/site-packages/certifi-2017.1.23-py2.7.egg
error: pyasn1 0.2.3 is installed but pyasn1<0.5.0,>=0.4.1 is required by set(['pyasn1-modules'])

@hellais Is homebrew doing a differente dependency check?

[hellais]

I do version pinning according to the homebrew package versions, however this commit errors on dependency issues:

You only pinned the direct dependencies. You need to pin both the direct and the indirect dependencies.
Put differently use the exact list of dependencies from homebrew (including those which are currently not in the requirements.txt) so that you don't have any unexpected results.

[bassosimone]

Thanks @anadahz for raising the issue and make this work again! For me, we can squash and merge!

[anadahz]

Testing it on a lepidopter.

[anadahz]

@hellais I guess this error is not related to the version of the dependencies?
@sbs Do you see a similar line in ooniprobe log?

[_GenericHTTPChannelProtocol,4,192.168.0.2] [!] No module named pcapy. Pypcap or dnet are not properly installed. Certain tests may not work.

The package versions as installed in the base system:
dpkg -l libpcap-dev libgeoip-dev libdumbnet-dev libffi-dev libssl-dev

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name             Version         Architecture Description
+++-================-===============-============-========================================================
ii  libdumbnet-dev   1.12-6          armel        A dumb, portable networking library -- development files
ii  libffi-dev:armel 3.1-2+deb8u1    armel        Foreign Function Interface library (development files)
ii  libgeoip-dev     1.6.2-4         armel        Development files for the GeoIP library
ii  libpcap-dev      1.6.2-2         all          development library for libpcap (transitional package)
ii  libssl-dev:armel 1.0.1t-1+deb8u8 armel        Secure Sockets Layer toolkit - development files

pip list

Package          Version  
---------------- ---------
appdirs          1.4.3    
asn1crypto       0.21.1   
attrs            16.3.0   
Automat          0.5.0    
certifi          2017.1.23
cffi             1.9.1    
chardet          2.3.0    
constantly       15.1.0   
cryptography     1.8.1    
enum34           1.1.6    
fte              0.1.3    
fteproxy         0.2.19   
GeoIP            1.3.2    
hyperlink        18.0.0   
idna             2.5      
incremental      16.10.1  
ipaddr           2.1.11   
ipaddress        1.0.18   
keyrings.alt     3.1.1    
klein            17.2.0   
mutagen          1.40.0   
obfsproxy        0.2.13   
ooniprobe        2.3.0    
packaging        16.8     
Parsley          1.3      
pip              18.1     
pyasn1           0.2.3    
pyasn1-modules   0.0.8    
pycparser        2.17     
pycrypto         2.6.1    
pydumbnet        1.12.1   
PyGObject        3.30.4   
PyHamcrest       1.9.0    
pyOpenSSL        16.2.0   
pyparsing        2.2.0    
pypcap           1.2.2    
pyptlib          0.0.6    
pyxdg            0.25     
PyYAML           3.12     
scapy            2.3.3    
service-identity 16.0.0   
setuptools       40.8.0   
six              1.11.0   
speedtest-cli    0.3.1    
Twisted          17.1.0   
txsocksx         1.15.0.2 
txtorcon         0.18.0   
Werkzeug         0.14.1   
wheel            0.32.3   
zope.interface   4.3.3  

[bassosimone]

@anadahz what do you want me to do to test it? I've manually run web_connectivity and now I am running the agent and checking its logs. Anything else?

[anadahz]

@anadahz what do you want me to do to test it? I've manually run web_connectivity and now I am running the agent and checking its logs. Anything else?

@sbs thanks! I think this suffices as a test, did you see any errors?

I 'm also testing this on lepidopter and don't see any issues apart from the error mentioned in #57 (comment) .

[bassosimone]

[...] did you see any errors?

Nope. The usual situation that a Tor circuit was not okay and a request was retried. This happens some times when using OONI via Tor, but, apart from that, all looked like okay.

[anadahz]

@bassosimone Great, LGTM?

[bassosimone]

@anadahz I noticed that we are pinning a specific version of Twisted. Yet, IIRC, the Travis script builds with many Twisted versions.

My understanding is that this has now become not so useful, because of the pinning. Do you agree? Can you perhaps also reduce the unnecessary builds in such case?

[anadahz]

@sbs The extra versions are currently not used (because of dependencies pinning). I removed them, thanks for checking out!

[bassosimone]

@anadahz thanks for your work. I'll merge this tomorrow.

[hellais]

Thanks for working on this.

It may be useful as a checklist for testing to look at: https://github.com/ooni/spec/blob/master/attic/probe-legacy-release-procedure.md.

I should also point out how with this fix (which I do think is the right thing to do) we may run into issues if we care to update OONI Probe pacakges (which Id on't think we do) since we are pinning the dependencies to a specific version which may not be the packaged version a particular distro.

@anadahz As a heads up, I find it best to not force push when working on a PR that others are looking at. You can always squash at the end when merging, but it's useful to see the individual commits in the PR to know what changed since you last looked at it.

In any case if you folks have done some testing of this on macOS, linux and lepidopter, I think it can be merged.

[anadahz]

@hellais thanks for reminding us the release procedure guidelines.

From my side it's OK to be merged.

[hellais]

@anadahz did you go through the testing checklist on linux and lepidopter: https://github.com/ooni/spec/blob/master/attic/probe-legacy-release-procedure.md#testing?

[anadahz]

@anadahz did you go through the testing checklist on linux and lepidopter: https://github.com/ooni/spec/blob/master/attic/probe-legacy-release-procedure.md#testing?

@hellais Isn't this what Travis does?

[hellais]

Isn't this what Travis does?

No travis only does the unit tests on a specific ubuntu version. Automated testing is not a full replacement for manual testing.

[anadahz]

I'm going to investigate a bit further the following error (mention in #57 (comment)) and see if I can fix it:
[_GenericHTTPChannelProtocol,4,192.168.0.2] [!] No module named pcapy. Pypcap or dnet are not properly installed. Certain tests may not work.

[anadahz]

[_GenericHTTPChannelProtocol,4,192.168.0.2] [!] No module named pcapy. Pypcap or dnet are not properly installed. Certain tests may not work.

It seems that pypcap vesion 1.2.2 produces this error.
All pypcap versions >= 1.1.5 < 1.2.2 didn't complain about the pcapy module.

[bassosimone]

@anadahz How do I test this pypcap issue? I was leaning towards merging but then I realised there are already open issues plus I feel like I am not super familiar with this codebase so I am not sure whether I can assess if all is okay. I'll try to follow the checklist posted by @hellais when I have some time 🤞

[anadahz]

@anadahz How do I test this pypcap issue?

@sbs Could you please provide the output of the following commands?:

# brew info libdnet
# brew info libpcap
# /usr/local/Cellar/ooniprobe/2.3.0/libexec/bin/pip list
# sudo /usr/local/Cellar/ooniprobe/2.3.0/libexec/bin/ooniprobe -n manipulation/traceroute

[bassosimone]

@anadahz

libdnet

$ brew info libdnet
libdnet: stable 1.12 (bottled)
Portable low-level networking library
https://github.com/dugsong/libdnet
/usr/local/Cellar/libdnet/1.12 (30 files, 378.3KB) *
  Poured from bottle on 2019-04-16 at 15:52:45
From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/libdnet.rb
==> Dependencies
Build: autoconf ✔, automake ✔, libtool ✔
Required: python@2 ✔
==> Analytics
install: 2,194 (30 days), 6,152 (90 days), 31,410 (365 days)
install_on_request: 1,616 (30 days), 4,462 (90 days), 24,249 (365 days)
build_error: 0 (30 days)

libpcap

$ brew info libpcap
libpcap: stable 1.9.0 (bottled), HEAD [keg-only]
Portable library for network traffic capture
https://www.tcpdump.org/
Not installed
From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/libpcap.rb
==> Options
--HEAD
	Install HEAD version
==> Caveats
libpcap is keg-only, which means it was not symlinked into /usr/local,
because macOS already provides this software and installing another version in
parallel can cause all kinds of trouble.

==> Analytics
install: 2,565 (30 days), 7,654 (90 days), 29,672 (365 days)
install_on_request: 806 (30 days), 2,281 (90 days), 10,970 (365 days)
build_error: 0 (30 days)

pip

$ /usr/local/Cellar/ooniprobe/2.3.0/libexec/bin/pip list
Package          Version  
---------------- ---------
appdirs          1.4.3    
asn1crypto       0.21.1   
attrs            16.3.0   
Automat          0.5.0    
certifi          2017.1.23
cffi             1.9.1    
constantly       15.1.0   
cryptography     1.8.1    
dnet             1.12     
enum34           1.1.6    
GeoIP            1.3.2    
idna             2.5      
incremental      16.10.1  
ipaddr           2.1.11   
ipaddress        1.0.18   
klein            17.2.0   
ooniprobe        2.3.0    
packaging        16.8     
Parsley          1.3      
pip              18.0     
pyasn1           0.2.3    
pyasn1-modules   0.0.8    
pycparser        2.17     
pyOpenSSL        16.2.0   
pyparsing        2.2.0    
pypcap           1.2.2    
PyYAML           3.12     
scapy            2.3.3    
service-identity 16.0.0   
setuptools       40.2.0   
six              1.10.0   
Twisted          17.1.0   
txsocksx         1.15.0.2 
txtorcon         0.18.0   
Werkzeug         0.12     
wheel            0.31.1   
zope.interface   4.3.3    
You are using pip version 18.0, however version 19.2.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

manipulation/traceroute

$ sudo /usr/local/Cellar/ooniprobe/2.3.0/libexec/bin/ooniprobe -n manipulation/traceroute
Password:
Not reporting using a collector
Looking up your IP address via ubuntu
Found your IP via a GeoIP service
Starting Tor
5%: Connecting to a relay
10%: Connected to a relay
14%: Handshaking with a relay
14%: Handshaking with a relay
15%: Handshake with a relay done
20%: Establishing an encrypted directory connection
25%: Asking for networkstatus consensus
30%: Loading networkstatus consensus
40%: Loading authority key certs
45%: Asking for relay descriptors
50%: Loading relay descriptors
51%: Loading relay descriptors
52%: Loading relay descriptors
53%: Loading relay descriptors
55%: Loading relay descriptors
59%: Loading relay descriptors
63%: Loading relay descriptors
68%: Loading relay descriptors
75%: Loaded enough directory info to build circuits
80%: Connecting to a relay to build circuits
85%: Connected to a relay to build circuits
89%: Finishing handshake with a relay to build circuits
90%: Handshake finished with a relay to build circuits
95%: Establishing a Tor circuit
100%: Done
Tor has started
Looking up collector and test helpers with http://nkvphnp3p6agi5qq.onion
Setting collector and test helpers for traceroute
Running TCP traceroute towards 37.218.247.110
This will take about 57.2 seconds
Running ICMP traceroute towards 37.218.247.110
This will take about 57.2 seconds
Running UDP traceroute towards 37.218.247.110
This will take about 57.2 seconds

Status
------
1/3 completed
33.3% (ETA: 0s)

Status
------
2/3 completed
66.7% (ETA: 0s)

Status
------
3/3 completed
99.0% (ETA: 1s)
Report ID: 6nwHwnou4pRCwX05DoosDAvAsOhzNaL4ktwGpfn5MK56yxbUZ8Cww9NZSz4yxEmx

---

All seems to be WAI.

[anadahz]

@sbs Thank you for posting the package versions.
This is now good to be merged.

[hellais]

It’s still unclear to me what application level testing has been done on this branch.

My suggestion would be to make a checklist of what has been tested WRT application functionality.
This document could be a good starting point: https://github.com/ooni/spec/blob/master/attic/probe-legacy-release-procedure.md.

For example it’s useful to confirm that the pypcap bug is fixed, that the tests that require scapy run as expected.

[anadahz]

@hellais Please follow the discussion on this PR (#57).

TL;DR

• The bug in pypcac has been fixed in e1481e6
• Testing after fixing the bug has been confirmed in Pin dependencies from homebrew package, fix travis #57 (comment)
• All changes, fixes and additions are listed in the commits logs

[anadahz]

Testing pull request #57

Here you can find the tests used to verify that the python version of ooniprobe works as expected.

Lepidopter issue report

The issue has been first identified in
TheTorProject/lepidopter#106

A quick fix has been issued and the OP of the issue was able to run the python version of ooniprobe successfully. Exact details of the fix can be found here, here and here

This pull request #57

I opened a pull request to fix the issue identified in: TheTorProject/lepidopter#106

Fixing Travis issues

Due to an unrelated issue (CVE-2019-13050) Travis was failing so I issued a fix in: b4efb6a
During the work of fixing Travis I made some further improvements to the Travis CI script with the encouragement and guidelines of @hellais and @sbs .

In summary the changes to Travis CI:

• Instruct Travis to manually fetch the gpg public key from
  deb.torproject.org as the archive signing key stored on the keyserver is
  subject to (CVE-2019-13050).
• Remove docker as it's not currently used
• Switch to Ubuntu Xenial in Travis as Ubuntu Trusty is not a supported
  release by torproject Debian repository.
• No need for multiple version tests, dependencies pinned to a specific
  version

Working towards a uniform OONI Probe legacy release

Upon discussion with @hellais we decided that is better to pin all dependencies so that we can minimize all errors that may introduced by new versions of the dependencies, the result upon multiple discussions and PR comments can be found here: b4efb6a

Package pcapy bug

During my tests with different package versions, I encountered another bug:

[!] No module named pcapy. Pypcap or dnet are not properly installed. Certain tests may not work.

Steps taken to identify and fix the pcapy package bug:

• Installed and tested different versions of system package dependencies: libdumbnet-dev, libdumbnet1
• Installed and tested different versions of pypcap: 1.1.5, 1.2.0, 1.2.1 and 1.2.2

The fix is to pin the version of pypcap to 1.2.1, a know good working version that resolves *nix version that report:

No module named pcapy.

The commit to the fix can been found in e1481e6

Testing ooniprobe

During the bug fixing the following tests took place.

Standalone tests

• ooniprobe -n manipulation/traceroute
• ooniprobe -n manipulation/http_header_field_manipulation
• ooniprobe -n web_connectivity --url https://www.example.com

Deck tests

• ooniprobe -n -i /usr/share/ooni/decks-available/http-invalid.yaml
• ooniprobe -n -i /usr/share/ooni/decks-available/im.yaml
• ooniprobe -n -i /usr/share/ooni/decks-available/tor.yaml

Running in production with lepidopter

Running the package versions defined in https://github.com/ooni/probe-legacy/pull/57/commits doesn't seem to bring any issues.
Furthermore the log files located in /var/log/ooni/ (ooniprobe.log) do not reveal any signs of issues or incompatibilities.

[hellais]

@anadahz thanks for detailing what you did to test the app. This is useful!

Package pcapy bug
During my tests with different package versions, I encountered another bug:

Did you understand what was causing this issue with pypcap?

If you have a way to reproduce the bug in a minimal way it would be useful to file an issue here too: http://github.com/pynetwork/pypcap/.

I think this PR can now be merged.

[anadahz]

Did you understand what was causing this issue with pypcap?

Specific (newer) versions of pypcap have introduced this (as it seems from #57 (comment)) *nix specific bug.

If you have a way to reproduce the bug in a minimal way it would be useful to file an issue here too: http://github.com/pynetwork/pypcap/.

1. Install Debian Jessie
2. Install ooniprobe
3. Install pypcap vesion 1.2.2
4. Run ooniprobe -n manipulation/traceroute

[hellais]

Specific (newer) versions of pypcap have introduced this (as it seems from #57 (comment)) *nix specific bug.

It's not clear to me from that comment that it's a *nix bug or even specific to that version of pypcap (@bassosimone is using pypcap 1.2.2 on macOS without any issues).

What version of libpcap do you have on debian? I believe we dropped support for libpcap 1.0 in pypcap recently (see: pynetwork/pypcap#86), so that may be problem.

[anadahz]

It's not clear to me from that comment that it's a *nix bug or even specific to that version of pypcap (@bassosimone is using pypcap 1.2.2 on macOS without any issues).

I consider macOS to not be *nix and this is @bassosimone cannot reproduce the pcapy bug.

What version of libpcap do you have on debian?

# dpkg -l |grep libpcap

ii  libpcap-dev                          1.6.2-2                          all          development library for libpcap (transitional package)
ii  libpcap0.8:armel                     1.6.2-2                          armel        system interface for user-level packet capture
ii  libpcap0.8-dev                       1.6.2-2                          armel        development library and header files for libpcap0.8

[hellais]

I consider macOS to not be *nix

lol, ok....

ii libpcap-dev 1.6.2-2 all development library for libpcap

I guess some more work on debugging this issue would be needed, but it's probably out of scope for this PR.

[anadahz]

I guess some more work on debugging this issue would be needed, but it's probably out of scope for this PR.

Sure, feel free to mention me on an issue/ticket so that we can investigate it.

@hellais Thanks for reviewing this PR.

[bassosimone]

@anadahz:

I consider macOS to not be *nix

Why is that?