An APAF Application target mainly end-users.

On Mac OS X there is the new Mac OS X Application Store that, starting from Lion, will limit download to application on apple store that are digitally signed.

That's a strong platform security improvement for Mac OS X, but also introduce headache to application developers willing to distribute to Mac OS X users an application trough App Store.

This ticket is about to collect information on how to make APAF application Apple App Store Friendly, introduce all the required dependency to make it working on App Store and provide howto/instruction to Application Developer on how to build and submit it.

Apaf should provide a built-in browser functionality that, after application startup, open a window-less browser UI to the APAF web application management interface.

This functionality maybe provided trough an existing platform support.

The embedded browser UI would provide to the end-user the look and feel of a native UI application, by providing directly access to the localhost available Apaf application.

The embedded browser technology to be used, should, whenever possible, use the platform's support, for example:

• On Mac OS X the default WebKit component (trough PyObjC)

Such embedded browser should guarantee that:

• communication only authorized/defined hosts, by default only localhost.
• no logging policy is enforced
• no caching policy is enforced

it just act as UI for apaf application.

By following this approach the design of APAF application will be just done as a standard web applications, without the need for the developer to learn "desktop specific" UI languages.

When I try and access the details page of an APAF service I get the following error:

2012-11-21 12:45:13+0100 [HTTPConnection,1,127.0.0.1] [Failure instance: Traceback: <type 'exceptions.TypeError'>: string indices must be integers, not str
//local/lib/python2.7/site-packages/cyclone/web.py:958:_execute
//local/lib/python2.7/site-packages/twisted/internet/defer.py:290:addCallbacks
//local/lib/python2.7/site-packages/twisted/internet/defer.py:551:_runCallbacks
//local/lib/python2.7/site-packages/cyclone/web.py:968:_execute_handler
--- ---
//local/lib/python2.7/site-packages/twisted/internet/defer.py:134:maybeDeferred
//local/lib/python2.7/site-packages/cyclone/web.py:1745:wrapper
//../apaf/panel/handlers/html.py:75:get
//local/lib/python2.7/site-packages/cyclone/web.py:457:render
//lib/python2.7/site-packages/cyclone/web.py:575:render_string
//local/lib/python2.7/site-packages/cyclone/template.py:262:generate
serviceinfo_html.generated.py:48:_execute
]

Steps to reproduce:

Login through the web panel, then go to: http://127.0.0.1:5517/services.html?service=panel

This ticket is about implementing support for publishing and APAF's build application on the Ubuntu Application Market http://developer.ubuntu.com/publish/

This may require some coding and some documentation / procedures.

Apaf should provide within it's own build-system a way to easily package the osx application within a DMG format.

This follow the same ticket as the Tor Project one https://trac.torproject.org/projects/tor/ticket/4261 .

Apaf should provide a facility to optionally enable DMG build and to configure the right icon to be show to the end-user.

This Ticket for the implementation of support in APAF, to document and facilitate the signing of resulting PE executable with a X509v3 digital certificate following apple code signing guidelines https://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html .

The Signing verification must work on:

• Mac OS X 10.6
• Mac OS X 10.7
• Mac OS X 10.8

cc @hellais @mmaker @mogui

In order to prevent attacks against software distribution (http://hyper.to/blog/link/attack-scenarios-software-distribution/) it's useful for security reason to introduce Build Determinism (http://www.conifersystems.com/2008/10/17/build-determinism/
) for APAF applications, in particolar for Windows and OSX.

Also Tor Project is looking at Build Determinism https://trac.torproject.org/projects/tor/ticket/3688 .

The Build Determinism is currently not required for Linux/Debian packaging, but focus Windows and Mac OS X users.

It must be analyzed whenever:

• py2app create deterministic build on OSX
• py2exe create deterministic build on Windows

In case it does not build deterministic build, it must be analyzed which kind of differences are in binary-diff and how to handle it.

Running on fedora 17 inside a virtualenv, here are the instructions for replicating:

(install virtualenv, virtualenvwrapper -- yum install python-virtualenv python-virtualenvwrapper)
mkvirtualenv VIRTUAL_ENVIRONMENT (will automatically activate this virtualenv)
(install dependencies and apaf)
cd /path/to/APAF; python apaf/main.py

APAF starts with this message:

(timestamp) [-] 'Cannot import service zinniablog'

Since this package is a package that can be built with APAF it should not be a hard coded dependency.

This ticket is to propose and describe a feature to secure the data of the application built with APAF.

Every APAF application will have it's own databases and, given that it is focusing on Desktop environment, it would mostly uses sqlite.
APAF does provide an anonymous and security framework for the application built with it.

It is valuable to provide to Apaf's applications developers an easy support to have storage encryption.

Storage encryption will provide greatly simplified protection of data on the APAF's application computer in case of computer theft or seizure, without the need to deal with filesystem encryption tools.

APAF application developer should be provided a set of API to facilitate:

• The creation of one or more database for uses by APAF application
• The security policy for uses of that secure database
  • encrypted
  • clear
• The security policy for uses of the secure database
  • keep password stored and unlock automatically
  • use a temporary random password (for volatile, temporary databases)
  • ask via web for database unlock password
• A way to load the database and/or unlock it and/or query it's status

It will be up to the APAF application to decide at first run, and all subsequent startup, to ask to load it's databases, if in clear or encrypted format.

The proposed technology for implementation of a Secure Database is Sqlite + Sqlcipher (http://sqlcipher.net/) .

The encryption of the databases will be done trough a dedicated key file, that must be encrypted with the unlock password for the database.
The use of a key files, is to allow in future possibly easy implementation of self-destruction functionalities targeting database key files, rather than just data.

The creation of a "temporary database" will be done with a random password, to be kept only in RAM memory, and that will be deleted at next Application restart.
This is useful for temporary data storage that may require structured data, but that the application developer want to be "volatile" and self-destroy at each application restart.

Making the data file for the application available via APAF's API, would allow in future much more easier implementation of secure data-backup/data-restore functionalities from within APAF framework.

Ask for review/opinion to @hellais @mmaker @vecna @evilaliv3 @ioerror @KAepora

This ticket is about implementing support for Ubuntu Unity Application Indicator http://unity.ubuntu.com/projects/appindicators/ .

An Apaf application, and APAF itself, should be able to easily register on the Unity Application indicator, providing menus like for
issues #9 and #10 .

When I try to access a page that requires authentication and the login succeeds I do not get redirected to the page I was visiting. Instead I get brought back to / that contains the "Hello World" message.

Apaf should provide a splash screen functionality, that can be enabled by the developer, and used to provide a nice splash screen of the application at it's startup operations.

The splash screen functionality must be initially available on Windows.

An howto for the branding of Apaf application should be available explaining:

Specification of image formats for Windows to be used for splash screen
How to convert a standard image to that size for Windows
The splash screen may contain additional dynamic information on the application startup process, that the developer can feed with useful startup information.

It must be supported on the following platforms:

• Ubuntu Desktop 12.04

When an Apaf Service is deployed under linux, it's possible and easier to gain a lot of security features.

This ticket is to support the implementation of many security features in a configurable way for Apaf Services:

Chroot and Uid/Gid

Twisted support by default chroot by command line, it must be evaluated whenever it's better to chroot by twistd command line or from within the application.

Twisted support the following cmdline switch http://linux.die.net/man/1/twistd :

--chroot Chroot to a supplied directory before running (default: don't chroot). Chrooting is done before changing the current directory.
-u, --uid The uid to run as. (default: don't change)
-g, --gid The gid to run as. (default: don't change)

Some good info on that are available on http://www.tsheffler.com/blog/?p=526

Please notices that handling of Chroot environment require all the third party applications used by the Service to be reachable/usable from within the chroot and it may require particular care by design in implementing third-party dependent features (thinking about using GPG to encrypt file and/or email?).

Secure Computing Mode

Linux Kernel introduce Secure Computing Mode.
After the secure computing mode has been set to True, the only system calls that the thread is permitted to make are read(), write(), _exit(), and sigreturn(). Other system calls result in the delivery of a SIGKILL signal.

It is implemented by prctl.set_seccomp(mode) with package PRCTL available on http://packages.python.org/python-prctl/

Provide a facility for apaf application developer and apaf itself to send via email all exceptions and critical errors generated by the application.

Any unhandled exception from Python should be sent via email.

This feature must be configurable and depends on email sending functionality .

The exception sending must be able to exploit the secure email functionality of APAF.

Problem: Setting up cross-platform development require complex build platform, different build servers and the ability to re-create and environment from a clean machine. That's additionally required in order to bugfix the buildsystem itself and facilitate other people's setup of development environment.

Solution: To create a build system, put it in production and create all the documentation required to set it up

This ticket document the creation of the project "Anonymous Python Application Framework Project Plan" available on google docs as a draft at https://docs.google.com/document/d/1BlwHFsgL-CqWGt3jZ7eqme67z3Fb1_eQO_9wL2_9Fw4/edit

Apaf come bundled as a directory including all the software required to run it properly.

On Mac OS X, all the application bundle are already a directory, so that the end user perceive it as a desktop application and can drag-n-drop it where he need to run.

However on Windows it's a little bit more tricky, as the user expect to download a single .exe (the apaf installer), click on it and have the application ready.

Apaf should provide within it's build-system a facility to "package" the windows application as a single .exe with the apaf application icon.

When the user download it and click on it, it should automatically:

• extract to the current directory with the apaf application name
• startup the application inside the apaf application directory
• in case the application is already extracted, directly startup the apaf application inside the apaf application directory

This would provide a valuable end-user experience reducing the amount of "clicks" required to startup an apaf application on windows.

Looking at https://github.com/globaleaks/APAF/blob/master/apaf/build.py, it appears that the download uses urrlib that does not verify SSL certificates and the function for verifying the signature of the binary always returns true.

I suggest we have the public key fingerprint of the people signing packages hardcoded inside of the source (or in some other part of the software, but we ship with it).

We should also bundle a set of SSL roots that are trustworthy and be sure that proper SSL verification is being done.

When I access the control panel of APAF I get displayed the string "Hello World". There is not indication in such page that the actual interesting stuff is on 127.0.0.1:PANEL_PORT/index.html.

We should redirect the user that visits 127.0.0.1:PANEL_PORT to /index.html or serve them the content of that page.

Automate installation of system requirement for the APAF development environment setup for Windows

Following the guide available on https://github.com/mmaker/APAF/wiki/Build-System-HowTo

The resulting environment should automate the download, installation and setup of all dependencies, including patching of broken/buggy packages.

This is a requirement for ooniprobe and it should be part of APAF:

Here is the ticket on the trac page:

https://trac.torproject.org/projects/tor/ticket/7557

Currently APAF run as a long command line over twisted on Linux and OSX (even if packaged with .app).
So when you make a "ps -auxw" you see a long command line for which APAF application is started.

This ticket is to make the APAF process name appear like "APAF Service", like any other standalone daemon.

To do that we can use Setproctitle http://pypi.python.org/pypi/setproctitle .

Apaf should provide a built-in browser functionality that, after application startup, open a window-less browser UI to the APAF web application management interface.

This functionality maybe provided trough an existing platform support.

The embedded browser UI would provide to the end-user the look and feel of a native UI application, by providing directly access to the localhost available Apaf application.

The embedded browser technology to be used, should, whenever possible, use the platform's support, for example:

• It must be analyzed which kind of platform framework to use for Ubuntu Unity compatibility

Such embedded browser should guarantee that:

• communication only authorized/defined hosts, by default only localhost.
• no logging policy is enforced
• no caching policy is enforced

it just act as UI for apaf application.

By following this approach the design of APAF application will be just done as a standard web applications, without the need for the developer to learn "desktop specific" UI languages.

I cannot run APAF (default configuration) unless txtorcon.launch_tor (apaf/run/base.py, line 73) is changed to:
return txtorcon.launch_tor(torconfig, reactor,
progress_updates=progress_updates)

in lieu of:

    return txtorcon.launch_tor(torconfig, reactor,
                               progress_updates=progress_updates,
                               data_directory=data_directory,
                               tor_binary=config.tor_binary,
    )

Error:

vemr@m:~/apaf/APAF$ python apaf/main.py
2012-10-21 13:12:57+0200 [-] Log opened.
2012-10-21 13:12:57+0200 [-] Application starting on 5545
2012-10-21 13:12:57+0200 [-] Starting factory <cyclone.web.Application instance at 0x913da4c>
2012-10-21 13:12:58+0200 [-] Site starting on 5310
2012-10-21 13:12:58+0200 [-] Starting factory <twisted.web.server.Site instance at 0x94039ec>
2012-10-21 13:12:58+0200 [-] 'Cannot import service zinniablog'
2012-10-21 13:12:58+0200 [-] Traceback (most recent call last):
2012-10-21 13:12:58+0200 [-] File "apaf/main.py", line 48, in
2012-10-21 13:12:58+0200 [-] main()
2012-10-21 13:12:58+0200 [-] File "apaf/main.py", line 31, in std_main
2012-10-21 13:12:58+0200 [-] base.main().addCallback(base.setup_complete).addErrback(base.setup_failed)
2012-10-21 13:12:58+0200 [-] File "/home/vemr/apaf/APAF/apaf/../apaf/run/base.py", line 76, in main
2012-10-21 13:12:58+0200 [-] tor_binary=config.tor_binary,)
2012-10-21 13:12:58+0200 [-] TypeError: launch_tor() got an unexpected keyword argument 'data_directory'

Configuration:

OS: Debian unstable
Python: python 2.7
Python modules: zope.component-4.0.0.egg-info
zope.component-4.0.0-nspkg.pth
PyYAML-3.10.egg-info twisted
zope.event-4.0.0.egg-info
Twisted-12.2.0.egg-info
zope.event-4.0.0-nspkg.pth
zope.interface-4.0.1.egg-info
txtorcon-0.6.egg-info
zope.interface-4.0.1-nspkg.pth

APAF should provide secure email sending facilities to be used by apaf itself and by apaf applications.

APAF should provide a set of API to send secure email with the following security features:

• PGP Encryption
• Strict SSL checking (ability to specify a trusted SSL CA)

The API should be able to use APAF's built-in email configuration data (from apaf config) or taking configuration parameters (server, account, from, etc) directly from the application calling it.

The API should be synchronous and report state-fully the success or failure of sending along with proper error messages (es: the answer from email server, failure in ssl, a timeout or a success).

Apaf should provide a splash screen functionality, that can be enabled by the developer, and used to provide a nice splash screen of the application at it's startup operations.

The splash screen functionality must be initially available on Windows.

An howto for the branding of Apaf application should be available explaining:

• Specification of image formats for Windows to be used for splash screen
• How to convert a standard image to that size for Windows

The splash screen may contain additional dynamic information on the application startup process, that the developer can feed with useful startup information.

It must be supported on the following platforms:

• Windows XP SP3
• Windows Vista
• Windows 7
• Windows 8

APAF is a framework to be used by application developers.

This ticket is for the creation of documentation on how to build your own application with APAF.

A wiki page, that will link to RST formatted documentation, to hold the howto is on https://github.com/mmaker/APAF/wiki/How-to-build-your-own-APAF-application

This document should be updated with the development with latests instruction and provide a useful guide to quickly create an APAF application and build it on multiple platform.

Apaf should provide a built-in browser functionality that, after application startup, open a window-less browser UI to the APAF web application management interface.

This functionality maybe provided trough an existing platform support.

The embedded browser UI would provide to the end-user the look and feel of a native UI application, by providing directly access to the localhost available Apaf application.

The embedded browser technology to be used, should, whenever possible, use the platform's support, for example:

• This must work with MS IE component with no additional dependency
  It must work on IE6/IE7/IE8/IE9/IE10.

Such embedded browser should guarantee that:

• communication only authorized/defined hosts, by default only localhost.
• no logging policy is enforced
• no caching policy is enforced

it just act as UI for apaf application.

By following this approach the design of APAF application will be just done as a standard web applications, without the need for the developer to learn "desktop specific" UI languages.

setup.py has a syntax error, the line 82 must be corrected:

with open('requirements.txt') as dependencies:
    requirements = [dependency.strip() for dependency in dependencies]

instead of:

requirements = [dependency.strip() for dependency in depencies]

Automate installation of system requirement for the APAF development environment setup for Mac OS X.

Following the guide available on https://github.com/mmaker/APAF/wiki/Build-System-HowTo

The resulting environment should automate the download, installation and setup of all dependencies, including patching of broken/buggy packages.

In order to provide easy access to server application on osx, APAF should provide support to "minimize to dock".

That way the end-user can startup a server without having the APAF application always in his "desktop foreground" but running in "foreground" with easy-access dock menu.

The dock menu icon must be configurable.

The basic options available trough the system tray on windows must be:

• See status of application (running or not)
• Stop ApplicationName
• Start ApplicationName
• Open Administration Interface
• Close ApplicationName

It should be possible to enable this feature on osx trough:

• http://stackoverflow.com/questions/8544853/how-to-make-an-menu-bar-system-tray-app-for-osx-in-python

Apaf should provide a splash screen functionality, that can be enabled by the developer, and used to provide a nice splash screen of the application at it's startup operations.

The splash screen functionality must be initially available on OSX.

An howto for the branding of Apaf application should be available explaining:

• Specification of image formats for OSX to be used for splash screen
• How to convert a standard image to that size for OSX

The splash screen may contain additional dynamic information on the application startup process, that the developer can feed with useful startup information.

In order to provide easy access to server application on windows, APAF should provide support to "minimize to system tray".

That way the end-user can startup a server without having the APAF application always in his "desktop foreground" but running in "foreground" with easy-access system tray access.

The system tray icon must be configurable.

The basic options available trough the system tray on windows must be:

• See status of application (running or not)
• Stop ApplicationName
• Start ApplicationName
• Open Administration Interface
• Close ApplicationName

It should be possible to enable this feature on windows trough https://code.google.com/p/pysystray/ .

APAF should provide files metadata cleanup facility to be used by apaf applications, for example File uploader/exchange systems with privacy improvements.

APAF should provide a set of API to cleanup possibly dangerous metadata from files.

The APAF framework should use Tor's project MAT (Metadata Anonymization Toolkit) https://mat.boum.org/ by providing:

• Easy/immediate integration within the build system
• A simple API to scan and cleanup supported files

At 27 May 2012 MAT support the following files to be cleaned up:

    Portable Network Graphics (.png)
    JPEG (.jpg, .jpeg, ...)
    Open Documents (.odt, .odx, .ods, ...)
    Office OpenXml (.docx, .pptx, .xlsx, ...)
    Portable Document Fileformat (.pdf)
    Tape ARchives (.tar, .tar.bz2, .tar.gz, ...)
    Zip (.zip)
    MPEG AUdio (.mp3, .mp2, .mp1, ...)
    Ogg Vorbis (.ogg, ...)
    Free Lossless Audio Codec (.flac)
    Torrent (.torrent)

The default static web service bundled with APAF serves the contents of the system /tmp directory.

Instructions for reproducing: (on Fedora 17 with python-virtualenv)

(install virtualenv, virtualenvwrapper -- yum install python-virtualenv python-virtualenvwrapper)
mkvirtualenv VIRTUAL_ENVIRONMENT (will automatically activate this virtualenv)
(install dependencies and apaf)
cd /path/to/APAF; python apaf/main.py

look for the hidden service .onion address from the following lines:
(timestamp) [TorControlProtocol,client] panel service running at ONION_ADDRESS_1.onion
(timestamp) [TorControlProtocol,client] staticwebserver service running at ONION_ADDRESS_2.onion

navigate to http://SOME_OTHER_ONION.onion and observe the contents of /tmp

This could leak information about other services on the system.

Suggested fix: set the root of the web service to a new empty directory.

Apaf should provide support for setup of an icon for OSX

The APAF application developer must be able to configure into the Apaf configuration file the path of the icon files for OSX build.

An howto for the branding of Apaf application should be available explaining:

• Specification of icon formats for OSX to be used
• How to convert a standard image to icons for OSX

Apaf should provide support for setup of an icon for Windows.

The APAF application developer must be able to configure into the Apaf configuration file the path of the icon files for Windows build.

An howto for the branding of Apaf application should be available explaining:

• Specification of icon formats Windows to be used
• How to convert a standard image to icons for Windows

The format of icon that must be build mut work on:

• Windows 2000
• Windows XP SP3
• Windows Vista
• Windows 7
• Windows 8

Apaf should provide support to register the APAF application as a Window Services with automatic startup on boot and auto-restart in case of failure (provided by windows service manager).

An APAF developer should be provided an API to interact with the registration of autostart of the APAF application as a services:

• Install as a window service
• Configure autostart of a windows service
• Start a window service
• Stop a window service
• Query if window service is installed or not

If login with password fails I get sent the WWW-Authenticate headers and I get prompted to login with username and password.

I believe this has to do with the use of the web.authenticated cyclone decorator that does this automatically.

We should disable the ability to login via WWW-Authenticate HTTP headers, but only do so via FORMs.

Many apaf application may need to use GPG encryption and signature verification for many purposes:

• verification of signature of downloaded files
• encryption of data

Due to the cross-platform nature of APAF, it must provide gpg functionality for OSX and Windows.

The API to be provided to APAF application must initially just support:

• encrypt data
• verify signature
• import pgp public keys

It's out of scope the handling of PGP private keys and/or signing is provided to keep off keychain management functionalities, making the API support stateless (no need to manage keyring databases, leaving to application logic the duty to provide keys for encryption).

This API will be initially only used by:

• #12 API to send email securely
• #2 Automate Apaf dependancy installation (to check fingerprints of software)

Currently Tor have a security weakness so that the Tor Hidden Service Key and the file containing the hostname are stored in clear-text onto the computer's filesystem with no ability to protect it.

The only way to currently protect that kind of file resources is trough the implementation of filesystem encryption, but unfortunately it does require administrative privileges and kernel modules to work.

This ticket is about the implementation of a system to protect the Tor Hidden Service Key and Hostname file.

The implementation maybe done trough:

• Implementation of Tor's Ticket https://trac.torproject.org/projects/tor/ticket/5976
• Implementation of APAF's Ticket #25
• Implementation of TxTorConn Ticket meejah/txtorcon#13

That way it would be possible to store securely Tor HS Key in APAF's Secure Database and load it dynamically via TorCP

Currently that datadir is not included inside of the .app for Mac OS X.

This is shown by simply moving the built .app into a different folder and running it from there:

$ /Applications/apaf.app/Contents/MacOS/apaf
Traceback (most recent call last):
File "/Applications/apaf.app/Contents/Resources/boot.py", line 320, in
_run('run.py')
File "/Applications/apaf.app/Contents/Resources/boot.py", line 317, in _run
execfile(path, globals(), globals())
File "/Applications/apaf.app/Contents/Resources/run.py", line 20, in
from apaf import core
File "apaf/core.pyc", line 12, in
File "apaf/config.pyc", line 72, in
File "apaf/config.pyc", line 37, in init
OSError: [Errno 20] Not a directory: '/Applications/apaf.app/Contents/Resources/lib/python2.7/site-packages.zip/apaf/config.pycAPAF/datadir/config'

This feature is to implement support for Backup and Restore APIs/functionalities of APAF's and APAF's applications.

Summary:
Every application running as a server, need to store customized configuration files, application settings, application data and so on.
However APAF's application will be probably server application in the hands of end-users, this means that the facilities normally required to manage the server should be usable also by an end-user.

Intro:
For the reason previously explained, apaf's made applications should support easy backup and restore functionality.

APAF should provide a way to let an APAF services to declare all it's data files, files customized and/or specific that require to be backed-up and restored, and to hook specific check and/or operations to be done during the backup/restore.

It's supposed that an APAF application's backup file, can be only restored on exactly the same version of the application.

The APAF support for backup and restore should handle all the integrity check verification of compliance between various backup/restore files.

From the end-user point of view the operations for backup and restore should be nothing more than downloading a backup file and uploading a backup file.

The backup file has to be secured, encrypted with a passphrase and/or PGP key of the node maintainer.

That's a topic to be discussed and evaluated cc @hellais @mmaker @sniffjoke @evilaliv3

Apaf should provide support to register the APAF application for automatic startup on boot on Mac OS X (launchd service).

An APAF developer should be provided an API to interact with the registration of autostart of the APAF application as a services:

• Install as a osx service
• Configure autostart of a osx service
• Start a osx service
• Stop a osx service
• Query if osx service is installed or not

Automate installation of system requirement for the APAF development environment setup for Linux.

Following the guide available on https://github.com/mmaker/APAF/wiki/Build-System-HowTo

The resulting environment should automate the download, installation and setup of all dependencies, including patching of broken/buggy packages.

If we install the latest git version of txtorcon (pip install git+https://github.com/meejah/txtorcon.git) apaf fails to start. Txtorcon is being passed a 'None' type for the data-directory.

Isis recently reported an issue in txtorcon and it might have something to do with that (meejah/txtorcon#15)

I tried this with both the master branch and the issue-15 branch of txtorcon. (the version pip installs on 'pip install txtorcon' which is txtorcon 0.5.*? works fine) Link to branch referred to is here meejah/txtorcon#15 Also tried master.

python apaf/main.py
2012-09-17 20:32:02+1000 [-] Log opened.
2012-09-17 20:32:02+1000 [-] Application starting on 5672
2012-09-17 20:32:02+1000 [-] Starting factory <cyclone.web.Application instance at 0x26e90e0>
2012-09-17 20:32:02+1000 [-] Site starting on 6067
2012-09-17 20:32:02+1000 [-] Starting factory <twisted.web.server.Site instance at 0x32aca70>
2012-09-17 20:32:02+1000 [-] 'Cannot import service zinniablog'
2012-09-17 20:32:02+1000 [-] Traceback (most recent call last):
2012-09-17 20:32:02+1000 [-] File "apaf/main.py", line 48, in
2012-09-17 20:32:02+1000 [-] main()
2012-09-17 20:32:02+1000 [-] File "apaf/main.py", line 31, in std_main
2012-09-17 20:32:02+1000 [-] base.main().addCallback(base.setup_complete).addErrback(base.setup_failed)
2012-09-17 20:32:02+1000 [-] File "/home/lovelace/src/python/APAF/apaf/../apaf/run/base.py", line 71, in main
2012-09-17 20:32:02+1000 [-] tor_binary=config.tor_binary,
2012-09-17 20:32:02+1000 [-] TypeError: launch_tor() got an unexpected keyword argument 'data_directory'

I'd figure out a solution, but I am not very familiar with the codebase yet, so I thought it was safer to report. If it turns out either of the patches at meejah/txtorcon#15 solve this, this can be closed.

The Apaf build system should provided a guided way to create packages and automate installation dependencies/configurations for Debian/Ubuntu systems.

The build should support automation of all the steps on a specific LTS version of Ubuntu.

Write a document that describes how to set up and run APAF and all dependencies.

This Ticket for the implementation of support in APAF, to document and facilitate the signing of resulting PE executable with a X509v3 digital certificate.

The Signing verification must work on:

• Windows XP SP3
• Windows Vista
• Windows 7
• Windows 8

cc @hellais @mmaker @mogui