On Mon, 2 Feb 2015 22:41:40 +0000 isis <isis@xxxxxxxxxxxxxx> wrote: > I requested that the obfs4proxy package in Debian jessie be ported to > wheezy-backports, [0] however, it seems this is extremely unlikely to > happen because it would mean backporting pretty much every Golang > package in existence. Last I heard, that was mostly unnecessary, though how exactly this apt pinning stuff works is a mystery to me[0]. > I would be super stoked if we could make it as easy and seamless as > possible for the Bridge operators who are still running obfs2 (!!) to > move to supporting better, newer Pluggable Transports. Currently > recommended PTs to run are: obfs3, obfs4, scramblesuit, and > fteproxy. When Tor Browser 4.5 becomes stable (probably in mid-April > 2015), we'll want lots more obfs4 Bridges! For the super adventurous > sysadmins who'd like to try Yawning's experimental new post-quantum > PT, Basket [1] is one of the newest PTs. More obfs4 bridges would be amazing. It's worth noting that obfs4proxy can also handle obfs2 and 3 (and with a branch that I need to test/merge soon, a ScrambleSuit client), and it even is easy to run bridges on ports < 1024 without messing with port forwarding. Basket is still a research project and non-researchers shouldn't deploy it because the wire format may change (and it consumes a hilarious amount of bandwidth). > We should probably come up with some easy instructions for operators > of Tor Bridge relays who are running Debian stable, such as adding an > Apt pin to pull in only the obfs4proxy package and its dependencies > from Debian jessie and keep everything else pinned to stable. If > someone has done this, or has another simple solution, would you mind > writing up some short how-to on the steps you took, please? > > [0]: > http://lists.alioth.debian.org/pipermail/pkg-anonymity-tools/Week-of-Mon-20150202/001119.html > [1]: https://github.com/yawning/basket All of obfs4proxy's dependencies are build time. The binary is statically linked because that's what Go does. David S.'s ansible-tor package does it like this: https://github.com/david415/ansible-tor/commit/f897581daa79389ddcb28c7dae601473e85e8226 So the documentation should be a matter of "how to setup the apt pin for a single package". I've heard someone complaining about the tor AppArmor profile but that also isn't something I've dealt with ever. Regards, -- Yawning Angel [0]: I just scp the binary to my bridge whenever I need to update it, and my idea of how to update all my linux systems starts with "pacman" and not "apt-get".
Attachment:
pgpmQA_9kWbko.pgp
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays