[OTR-dev] Testing with wine rather than native windows (questions in-line)

Jacob Appelbaum jacob at appelbaum.net
Wed Aug 22 22:12:51 EDT 2012 

Hi,

For various reasons, I'm testing OTR 4.0.0-rc1 with wine - I wanted to
document this process as a very basic way for Free Software inclined
folks to do a very basic win32 functionality check. Things seem to work
but I've found a few issues that seem worth addressing.

If you're on Debian or Ubuntu install wine:

  sudo apt-get install wine

Fetch pidgin:

  cd /tmp;
  wget -c
http://downloads.sourceforge.net/project/pidgin/Pidgin/2.10.6/pidgin-2.10.6.exe

Fetch pidgin-otr:

  cd /tmp;
  wget -c
http://otr.cypherpunks.ca/binaries/windows/pidgin-otr-4.0.0-0-rc1.exe

Run pidgin's installer with wine:

  wine pidgin-2.10.6.exe

Note that if you haven't already prepared your Wine environment with the
required GTK libraries, pidgin will download and install it. Consider
yourself warned if your local network tampers with the bits that flow
across it. :(

It fetches the gtk files over http from this url:
http://pidgin.im/win32/download_redir.php?version=2.10.6&gtk_version=2.16.6.0&dl_pkg=gtk

It also fetches debug symbols over http from this url:
http://pidgin.im/win32/download_redir.php?version=2.10.6&dl_pkg=dbgsym

I've filed those two observations as a security issue on the pidgin bug
tracker:

  http://developer.pidgin.im/ticket/15277

I also found a proxy bypass issue that is related to their "Tor/Privacy
Proxy" support:

  http://developer.pidgin.im/ticket/15276

Now assuming that pidgin installed correctly, we'll install pidgin-otr:

  wine pidgin-otr-4.0.0-0-rc1.exe

I found that this ran without any errors or complicated steps.

Run Pidgin:

  wine "C:\Program Files\Pidgin\pidgin.exe"

Now you'll want to enable the pidgin-otr plugin. This is done by
checking a box in the plugins window for it.

Is there a way to flip this bit when we install the pidgin-otr plugin?
If so, it would be *really* nice.

I created a test account and tested it against an older OTR enabled
client. It seemed to work well. Keys automatically generated after I
started to chat with my other client. It took a few full round trips
before the OTR chat picked things up - is that a result of solving the
OTR-wars? Seems better than an OTR-war if so...

I noticed a few pidgin debug log errors. These four lines appear when
double clicking on the OTR plugin in the plugins window:

(18:18:12) Gtk: gtk_widget_set_sensitive: assertion `GTK_IS_WIDGET
(widget)' failed
(18:18:12) Gtk: gtk_widget_set_sensitive: assertion `GTK_IS_WIDGET
(widget)' failed
(18:18:12) Gtk: gtk_widget_set_sensitive: assertion `GTK_IS_WIDGET
(widget)' failed
(18:18:12) Gtk: gtk_widget_set_sensitive: assertion `GTK_IS_WIDGET
(widget)' failed

I noticed a seemingly unintended consequence of the anti-logging,
pro-privacy feature. This was in my log files after I started a chat:

(06:15:24 PM) pidgin-otr-testing at jabber.ccc.de/pidgin-wine-otr: hello
(06:15:36 PM) xxx at jabber.ccc.de: hello
(06:16:21 PM) xxx at jabber.ccc.de: how are you?
(06:16:31 PM) xxx at jabber.ccc.de has not been authenticated yet.  You
should authenticate this buddy.

Certainly an improvement but perhaps not the right balance?

I tried to SMP auth with a Q&A - when my old pidgin client canceled, the
new one was told "An error occurred during authentication." I think that
isn't strictly correct but perhaps that's desired?

When I start the SMP Q&A auth process on my OTR 4.0.0-rc client, I have
the following debug log errors:

(18:27:58) Gtk: gtk_box_pack: assertion `child->parent == NULL' failed
(18:27:58) Gtk: gtk_box_pack: assertion `child->parent == NULL' failed
(18:27:58) Gtk: gtk_box_pack: assertion `child->parent == NULL' failed

When I start it from my older client, my new OTR client has these debug
log errors:

(18:29:30) Gtk: gtk_box_pack: assertion `child->parent == NULL' failed
(18:29:30) Gtk: gtk_box_pack: assertion `child->parent == NULL' failed

When I start a new conversation from my old client with OTR, I get this
debug log errors:

(18:33:03) g_log: purple_conversation_get_type: assertion `conv != NULL'
failed

The UI opens a window on the new pidgin and says:
(06:33:09 PM) Private conversation with xxx at jabber.ccc.de started.  Your
client is not logging this conversation.

I checked the log file and sure enough, we don't see any new log entries
at all. Yay!

(I'm off to grind on pidgin for a bit for some more obvious
privacy/security issues while I have it open...)

All the best,
Jacob

More information about the OTR-dev mailing list