essandess / macos-fortress

Firewall and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers with Anti-Virus On-Demand and On-Access Scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav)

License: MIT License

Shell 97.17% JavaScript 2.83%
proxy tracker firewall privacy-enhancing-technologies packet-filtering proxy-server macos squid privoxy privacy-tools


macos-fortress's Issues

Installation needs several manual fixes

Trying to install on a clean-ish system[*] I met several issues that needed a manual fix.

@essandess: As you wrote in the homebrew pull request "I personally run the install script on all new boxes I configure/reconfigure, and it’s been bulletproof for me", I understand it is thoroughly tested. Could it be that you run it against a non-standard macOS installation, and/or from a repo/cache/proxy/mirror that does not reflect recent upstream changes (or is simply not fully in sync with this repo), and/or on systems different from standard 10.13.6? Some issues make me think in that direction (gnupg deprecated, ./easylist-pac-privoxy/ empty, no squid.conf.default).

But why python and squid (and maybe privoxy) required manual port install … is unclear to me. My system may be not so clean after all...

[*]

  • macOS 10.13.6. Was a 10.13.x test installation (with network, printer, and computer settings via Migration Assistant from my production installation, but not Applications, Users, Other files) updated with the Install Mac OS app
  • Xcode 9.4.1 and latest command line tools
  • MacPorts base version 2.5.3 via installer .pkg
  • minimal drivers and some UI enhancements

FWIW, here are the fixes, maybe saving someone some headache.


At first run, a prompt to run xcode-select --install
=> did so

"xcode-select: error: command line tools are already installed, use "Software Update" to install updates"

Only at first run, so maybe xcode needed something to register first?


'/Users/test/.local/bin' is not on your PATH.
For best results, please add it to the beginning of PATH in your profile.

=> Done. Maybe not necessary?


Error: gnupg has been deprecated. If you absolutely want to stay on the classic version, install the gnupg1 port. All other users are recommended to install gnupg2.

=> sudo port install gnupg2
Error remains in later runs of the install script, but later in the script gpg actions are done OK => ignored hereafter.


Selecting 'python36' for 'python3' failed: The specified group 'python3' does not exist.

=> No Python? -- Test:
port installed python, port installed python3, port installed python36, all return

None of the specified ports are installed.

python --version

Python 2.7.10

Only the standard Apple version. Specified python was not installed by install script. Reason unclear.
=> sudo port install python36, sudo port select --set python python36, sudo port select --set python3 python36


rsync: link_stat "/Users/test/Desktop/macOS-Fortress-master-port-essandess-2018-07-20/easylist-pac-privoxy/adblock2privoxy/adblock2privoxy*" failed: No such file or directory (2)

./easylist-pac-privoxy/ is empty.
=> searched, downloaded and copied adblock2privoxy-master into easylist-pac-privoxy and renamed it to adblock2privoxy


[…lots of ghc-related errors and warnings…]

=> ignored for now.


install: /opt/local/etc/squid/squid.conf.default: No such file or directory

=> renamed the existing squid.conf to squid.conf.default.


chown: privoxy: illegal group name

=> set via System preferences and have an additional user home folder -- naaaahh.
=> sudo port install privoxy (privoxy @3.0.26) (forgot to test if privoxy had been installed at all)


install: ./easylist-pac-privoxy/easylist_pac.py: No such file or directory

=> searched and downloaded easylist-pac-privoxy and copied its contents (!) except the empty folder (adblock2privoxy) to ./easylist-pac-privoxy/


Error: Failed to load squid: Launchd plist /Library/LaunchDaemons/org.macports.Squid.plist was not found

=> No Squid installed? -- Test:
port installed squid, port installed squid3 both return

None of the specified ports are installed.

Squid was not installed. Reason unclear.
=> sudo port install squid3
=> maybe remains of pre-existing squid? port -f activate squid3 to force the activation.


missing header for unified diff at line 3 of patch

Maybe nonconsequential? Next line says:

patching file /opt/local/etc/squid/squid.conf


/Users/test/Library/LaunchAgents/org.opensource.flashcookiedelete.plist: Service is disabled

????


Finally:

---> Loading startupitem 'Squid' for squid
---> Loading startupitem 'Privoxy' for privoxy

Issues?

So, I ran the script, and the last lines were...

/System/Library/LaunchDaemons/org.apache.httpd.plist: service already loaded
missing header for unified diff at line 3 of patch
patching file /opt/local/etc/squid/squid.conf
missing header for unified diff at line 3 of patch
patching file /opt/local/etc/privoxy/config
install: /opt/local/etc/privoxy/match.all: No such file or directory
/usr/bin/diff: /opt/local/etc/privoxy/match.all: No such file or directory
/usr/bin/diff: ./match.all: No such file or directory
missing header for unified diff at line 3 of patch
patching file /opt/local/etc/privoxy/user.action
cp: /etc/hosts: No such file or directory
install: ./privoxy-adblock/privoxy-adblock.sh: No such file or directory
/Users/ForgottenPlayer/Library/LaunchAgents/org.opensource.flashcookiedelete.plist: Service is disabled

And right now, I don't know how I could test, if the proxy is working... When visiting "localhost/proxy.pac", it gives connection refused, so I configured the "Automatic Proxy Config" to "/Users/ForgottenPlayer/osxfortress/proxy.pac"
When I set the proxy settings to port 8118, privoxy works, I can visit p.p, but when I change it to 3128, I get "ERR_PROXY_CONNECTION_FAILED"

Right now, I don't know what is failing... (Or working)

p.p

Hello, so after my latest issue, I fixed my apache configuration (by basically, resetting everything).
My proxy.pac is working, I have set up the automatic proxy config, based on "127.0.0.1/proxy.pac"
Now, I cannot access p.p.
I was wondering, how I can test everything is working?
PD: Both privoxy & squid, seem to be running
PD2: If I set manually the http proxy to 3128, it seems on squid's access.log, that is working, but after some correct results, it starts to make weird TCP_MISS_ABORTED, and doesn't let me into webpages, or only few.

Enhancement? Additional host blocking list

There is an interesting list of hosts to block at https://github.com/StevenBlack/hosts.
A rough comparison of its basic Unified hosts = (adware + malware) list with hpHosts shows little overlap (barring a really dumb mistake):
hpHosts: 521k unique hosts
Black: 51k unique hosts
In both lists: 9.2k hosts
Adding the feature to merge Black's list would add more protection, and allow even a thematic blocking for fakenews, gambling, porn, social media for those who want this (e.g., the kid's laptop).
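The rough comparison described in this issue can be reproduced with standard tools. This is an added example, not part of the issue or of the project's scripts; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample entries are constructed.

# Reduce a hosts-format list to unique lowercase hostnames, one per line.
hosts_names() {
    tr -d '\r' < "$1" | awk '
        { sub(/#.*/, "") }                       # strip comments
        $1 == "0.0.0.0" || $1 == "127.0.0.1" {   # sinkhole entries only
            for (i = 2; i <= NF; i++) {
                h = tolower($i)
                if (h != "localhost" && h != "0.0.0.0") print h
            }
        }' | LC_ALL=C sort -u
}

# Print "<unique in A> <unique in B> <in both>" for two hosts files.
hosts_overlap() {
    a=$(mktemp) && b=$(mktemp) || return 1
    hosts_names "$1" > "$a"
    hosts_names "$2" > "$b"
    na=$(awk 'END { print NR }' "$a")
    nb=$(awk 'END { print NR }' "$b")
    both=$(LC_ALL=C comm -12 "$a" "$b" | awk 'END { print NR }')
    rm -f "$a" "$b"
    echo "$na $nb $both"
}

# Constructed samples; both 127.0.0.1 and 0.0.0.0 sinkhole prefixes are accepted.
dir=$(mktemp -d)
printf '127.0.0.1\tlocalhost\n127.0.0.1\tads.example.com\n127.0.0.1\tTracker.Example.net\n' > "$dir/a.txt"
printf '# title\n0.0.0.0 0.0.0.0\n0.0.0.0 tracker.example.net # note\n0.0.0.0 casino.example.com\r\n' > "$dir/b.txt"
hosts_overlap "$dir/a.txt" "$dir/b.txt"    # unique-A unique-B common
```

Case, CRLF line endings, inline comments and duplicate entries are normalised before counting, since any of them would understate the overlap between two lists.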

Issues with easylist.script.*

Hello and first of all let me say thank you for your work on this project.

I've been trying to get this up and running and have hit a snag. I've run the installer, but it seems I am having some issues getting privoxy online. Based on the previous issues I have confirmed that it is not running (lsof -i ':8118' returns nothing, ps -ef | grep privoxy returns the query itself). Attempting to start it manually returns nothing, but no process running; manually starting it with --no-daemon however seems to finally shed some light on what is happening:

2017-04-05 18:24:34.991 7fffb076c Info: Privoxy version 3.0.26
2017-04-05 18:24:34.991 7fffb076c Info: Program name: /opt/local/sbin/privoxy
2017-04-05 18:24:34.998 7fffb076c Fatal error: can't load re_filterfile '/opt/local/etc/privoxy/easylist.script.filter': No such file or directory

For some reason in the extracted osxfortress-master folder I see nothing within the privoxy-adblock directory, so from GitHub I grab the shell script and run it. There is a typo on line 114 (the call for $sedcmd is missing the final d), once corrected I still get a small error while starting privoxy:

2017-04-05 18:27:33.388 7fffb076c Fatal error: can't load actions file '/opt/local/etc/privoxy/easylist.script.action': line 1 should begin with a '{': -e { +block{easylist} }

A quick google search for an example of the file more or less shows the same contents just without the leading -e so I manually edited it and that seems to resolve things (I won't even pretend to understand the syntax of sed, but it seems that there might be a small issue with the command that adds the leading -e). In any case, privoxy now seems to start (lsof and ps both list it) however I am still unable to access it by trying to visit the p.p page. I've tried it both with and without the "Automatic Proxy Configuration" option enabled on my network connection, though I don't think that that would make much of a difference. I am sort of stuck here and not sure where to proceed next now that it seems to be running, maybe possibly.

I'll be the first to admit that I am not exactly a proficient coder, though I think I am able to follow along with a process fairly well (see debugging, at least of typos, done above). Maybe there is something that I'm missing and I'll end up in a much better place after a /facepalm moment.
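A preflight for the two failures reported in this issue (a missing generated file, and an actions file whose first line starts with `-e`), as an added example that is not part of the issue or of the project's scripts. It assumes the stray `-e` was printed by an `echo -e` call in a shell whose `echo` does not accept options; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from privoxy-adblock.sh.

# Write a section header with printf instead of `echo -e`. Assumption: the
# stray "-e" was printed by a shell whose echo does not accept options.
write_header() {                 # $1 = output file, $2 = block reason
    printf '{ +block{%s} }\n' "$2" > "$1"
}

# Succeed only if the first non-blank, non-comment line starts with '{'.
check_actions_file() {
    [ -r "$1" ] || { echo "missing: $1" >&2; return 2; }
    first=$(grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" | head -n 1)
    case $first in
        '{'*) return 0 ;;
        *)    echo "bad first line in $1: $first" >&2; return 1 ;;
    esac
}

# Remove a literal leading "-e " from each line, keeping a .bak copy.
repair_actions_file() {
    cp -p "$1" "$1.bak" && sed 's/^-e //' "$1.bak" > "$1"
}

# Constructed sample reproducing the file from the error message above.
demo_dir=$(mktemp -d)
sample="$demo_dir/easylist.script.action"
printf '%s\n' '-e { +block{easylist} }' '.ads.example.com' > "$sample"
check_actions_file "$sample" || repair_actions_file "$sample"
check_actions_file "$sample" && echo "ok: $sample"
```

Running the check before Privoxy is restarted surfaces the problem on the command line instead of as a daemon that exits silently.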

Uninstall/revert script

Hi, I really appreciate this project and was able to get it up and running with minimal snags. However, would you be interested in providing an uninstall script that could be used to revert your settings to pre-installation values? I think it might have some interest for users who experience unintended consequences of enabling this level of blocking.
Cheers!

[feature request] arch arm64

But I guess that is not possible until all deps are available as arm64 too, right?

sudo port install macos-fortress

Password:
--->  Computing dependencies for macos-fortress
Error: Cannot install macos-fortress-proxy for the arch 'arm64' because
Error: its dependency adblock2privoxy only supports the arch 'x86_64'.
Error: Follow https://guide.macports.org/#project.tickets if you believe there
is a bug.
Error: Processing of port macos-fortress failed

have you considered homebrew?

Hello,

Thanks for putting this together!

I was reading through the readme-and-install.sh and noticed the use of macports? Is there a technical reason for this choice over homebrew? Or is it a personal choice?

In trying to understand some of the pros/cons of macports vs homebrew. One of the issues I found is it seems that macports requires the use of sudo, and homebrew does not.

It seems like homebrew could be considered marginally safer in that regard, do you have any thoughts on this?

Thanks,
-- Arron

Install fails

$ cat opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_lang_stack/stack/main.log | grep -i fail

:debug:archivefetch Fetching archive failed: The requested URL returned error: 404 Not Found
:debug:archivefetch Fetching archive failed: The requested URL returned error: 404 Not Found
:debug:archivefetch Fetching archive failed: The requested URL returned error: 404 Not Found
:info:build base-compat > [ 9 of 112] Compiling Control.Monad.Fail.Compat
:info:build base-compat > [ 10 of 112] Compiling Control.Monad.Fail.Compat.Repl
:info:build Cabal > [ 5 of 234] Compiling Distribution.Compat.MonadFail
:info:build aeson > 800 | withBoundedScientific_ whenFail f v@(Number scientific) =
:info:build aeson-compat > 119 | import Data.Aeson.Types (Parser, modifyFailure, typeMismatch, defaultOptions)
:info:build mustache > Deprecated: "Please use decodeEither' or decodeThrow, which provide more useful failures"
:info:build Process exited with code: ExitFailure 1
:info:build Command failed: cd "/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_lang_stack/stack/work/stack-2.5.1" && /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_lang_stack/stack/work/bin/stack build --with-gcc /usr/bin/clang --allow-different-user
:error:build Failed to build stack: command execution failed
:debug:build Backtrace: command execution failed
:debug:archivefetch Fetching archive failed: The requested URL returned error: 404 Not Found
:debug:archivefetch Fetching archive failed: The requested URL returned error: 404 Not Found
:debug:archivefetch Fetching archive failed: The requested URL returned error: 404 Not Found
:info:build Process exited with code: ExitFailure 1
:info:build Command failed: cd "/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_lang_stack/stack/work/stack-2.5.1" && /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_lang_stack/stack/work/bin/stack build --with-gcc /usr/bin/clang --allow-different-user
:error:build Failed to build stack: command execution failed
:debug:build Backtrace: command execution failed
