<div dir="ltr">You can pin package/repository priority. You just have to create a file in /etc/apt/preferences.d/ with contents like<div><br></div><div>Package: *</div><div>Pin: release o=jessie</div><div>Pin-priority: 400</div><div><br></div><div>then run apt-get update and apt-cache policy PACKAGE to confirm your settings.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Feb 14, 2015 at 12:50 PM, Alexander Dietrich <span dir="ltr"><<a href="mailto:alexander@dietrich.cx" target="_blank">alexander@dietrich.cx</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><u></u>

<div style="font-size:10pt;font-family:Verdana,Geneva,sans-serif">

<p>The problem with "Add repositry to /etc/apt/sources.list" is that this will not work on Ubuntu without GPG errors, since the keys used for signing the packages are unknown. And the Debian developers don't seem to publish their key fingerprints on their website.</p>

<p>The second problem is that the next "aptitude safe-upgrade" wants to "update" a ton of packages, presumably from Debian Testing. I did read the page on pinning, but just couldn't figure out how to make this work on Ubuntu.</p>

<p>So it's probably safer to wait for obfs4proxy to show up in Ubuntu repositories. Is there already a plan for that?</p>

<p>Best regards,</p><span class="">

<p>Alexander</p>

<div>

<pre>---<br>PGP Key: <a href="https://dietrich.cx/pgp" target="_blank">https://dietrich.cx/pgp</a> | 0x727A756DC55A356B</pre>

</div>

</span><div><div class="h5"><p>On 2015-02-05 21:17, ZEROF wrote:</p>

<blockquote type="cite" style="padding-left:5px;border-left:#1010ff 2px solid;margin-left:5px">

<div dir="ltr">

<pre>-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

If you want to try to install jessi without updating your system it's possible. Add repositry to /etc/apt/sources.list, run apt-get update. Then use this and only this command to upgrade only that package from new repository (check if you need to replace jessie with unstable or something like that):

apt-get -t jessie install name of your package

You don't need to remove repository from your sources list because this command will lock upgrades of other packages. Check this url for more info: <a href="https://wiki.debian.org/AptPreferences" target="_blank">https://wiki.debian.org/AptPreferences</a>, in section "Installing from unstable".

-----BEGIN PGP SIGNATURE-----

Version: OpenPGP.js v0.7.2

Comment: <a href="http://openpgpjs.org" target="_blank">http://openpgpjs.org</a>

wsFcBAEBCAAQBQJU08+wCRDHWR777fxuEQAAEpkP/3u/KvoBnRBLeQLNb4P7

wumvgdpk5cs/pLvazQvEdGI/rUb5PT+Y+i7+wDTAb6y/btVh5n+S1vzBhgTV

RN6RM55CGls3shXEEhFLTUe6Pm8hONn0EtZ8V4CGWMV91/RSOfJdevMIzX/E

FZOtYrRGc+ymm9XWbyZaOnPdkG5s+Y+UMBVfhEl2QhB5JnFfp8ubMzLCOZSg

hFUHOuOdQTcXgO5KZ5FjtXRynRbJYitDSAwzIlen7VQCgknv+z6a4D40tQ7/

emvTaAZ3KYQzgZFugfiqBi8fUA55MkvEE+XjLFqWGj6u7zmXXQJ9EVvh6Fml

+kbf8QjP/pu1TGyagrro2W+sBNHgZnm/o1nvj+a+qFiQu1NmwvJ7n4mJtYVt

CwxZhBfiLemOZoX4AyS/3u21h494cAshDnPJ9J+0A1rKKjKUtejgRD19m++Q

TMXpa+LPr3RRLRZUospWpMljtypu1t/masv+iM1sdgw46hF8GiM7FcGnazU8

SMy408gLLu09bCXwXKQ4hfUf68Uo8Y4v/g8BozV3GuUcaIOSTX4sCXwneMAW

/f7RYslrMHfkqIQSCtulIq3fI7CQpFjtoRYCfcG5nF0IziU3lHB0cRB7uL0n

zKwPYW3CiQz0O8HDCg0sdp1iuYr6yahr1WsnpBoc1AGWASTqdVgRELXHgCL6

ZMyT

=FL9d

-----END PGP SIGNATURE-----

</pre>

</div>

<div class="gmail_extra"><br>

<div class="gmail_quote">On 3 February 2015 at 18:33, Alexander Dietrich <span><<a href="mailto:alexander@dietrich.cx" target="_blank">alexander@dietrich.cx</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Is it possible to install the obfs4proxy package securely (with signature verification) on Ubuntu? I looked at this a while ago, but couldn't figure out how to make it work.<br> <br> Thanks,<br> Alexander<br> ---<br> PGP Key: <a href="https://dietrich.cx/pgp" target="_blank">https://dietrich.cx/pgp</a> | 0x727A756DC55A356B

<div>

<div><br> <br> On 2015-02-03 01:14, Yawning Angel wrote:</div>

</div>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div>

<div>On Mon, 2 Feb 2015 22:41:40 +0000<br> isis <<a href="mailto:isis@torproject.org" target="_blank">isis@torproject.org</a>> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I requested that the obfs4proxy package in Debian jessie be ported to<br> wheezy-backports, [0] however, it seems this is extremely unlikely to<br> happen because it would mean backporting pretty much every Golang<br> package in existence.</blockquote>

<br> Last I heard, that was mostly unnecessary, though how exactly this apt<br> pinning stuff works is a mystery to me[0].<br> <br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I would be super stoked if we could make it as easy and seamless as<br> possible for the Bridge operators who are still running obfs2 (!!) to<br> move to supporting better, newer Pluggable Transports.  Currently<br> recommended PTs to run are: obfs3, obfs4, scramblesuit, and<br> fteproxy.  When Tor Browser 4.5 becomes stable (probably in mid-April<br> 2015), we'll want lots more obfs4 Bridges!  For the super adventurous<br> sysadmins who'd like to try Yawning's experimental new post-quantum<br> PT, Basket [1] is one of the newest PTs.</blockquote>

<br> More obfs4 bridges would be amazing.  It's worth noting that obfs4proxy<br> can also handle obfs2 and 3 (and with a branch that I need to<br> test/merge soon, a ScrambleSuit client), and it even is easy to run<br> bridges on ports < 1024 without messing with port forwarding.<br> <br> Basket is still a research project and non-researchers shouldn't deploy<br> it because the wire format may change (and it consumes a hilarious<br> amount of bandwidth).<br> <br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">We should probably come up with some easy instructions for operators<br> of Tor Bridge relays who are running Debian stable, such as adding an<br> Apt pin to pull in only the obfs4proxy package and its dependencies<br> from Debian jessie and keep everything else pinned to stable.  If<br> someone has done this, or has another simple solution, would you mind<br> writing up some short how-to on the steps you took, please?<br> <br> [0]:<br> <a href="http://lists.alioth.debian.org/pipermail/pkg-anonymity-tools/Week-of-Mon-20150202/001119.html" target="_blank">http://lists.alioth.debian.<span style="text-decoration:underline"></span>org/pipermail/pkg-anonymity-<span style="text-decoration:underline"></span>tools/Week-of-Mon-20150202/<span style="text-decoration:underline"></span>001119.html</a><br> [1]: <a href="https://github.com/yawning/basket" target="_blank">https://github.com/yawning/<span style="text-decoration:underline"></span>basket</a></blockquote>

<br> All of obfs4proxy's dependencies are build time.  The binary is<br> statically linked because that's what Go does.  David S.'s ansible-tor<br> package does it like this:<br> <br> <a href="https://github.com/david415/ansible-tor/commit/f897581daa79389ddcb28c7dae601473e85e8226" target="_blank">https://github.com/david415/<span style="text-decoration:underline"></span>ansible-tor/commit/<span style="text-decoration:underline"></span>f897581daa79389ddcb28c7dae6014<span style="text-decoration:underline"></span>73e85e8226</a><br> <br> So the documentation should be a matter of "how to setup the apt pin<br> for a single package".  I've heard someone complaining about the tor<br> AppArmor profile but that also isn't something I've dealt with ever.<br> <br> Regards,<br> <br> --<br> Yawning Angel<br> <br> [0]: I just scp the binary to my bridge whenever I need to update it,<br> and my idea of how to update all my linux systems starts with "pacman"<br> and not "apt-get".<br> </div>

</div>

______________________________<span style="text-decoration:underline"></span>_________________<br> tor-relays mailing list<br> <a href="mailto:tor-relays@lists.torproject.org" target="_blank">tor-relays@lists.torproject.<span style="text-decoration:underline"></span>org</a><br> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" target="_blank">https://lists.torproject.org/<span style="text-decoration:underline"></span>cgi-bin/mailman/listinfo/tor-<span style="text-decoration:underline"></span>relays</a></blockquote>

______________________________<span style="text-decoration:underline"></span>_________________<br> tor-relays mailing list<br> <a href="mailto:tor-relays@lists.torproject.org" target="_blank">tor-relays@lists.torproject.<span style="text-decoration:underline"></span>org</a><br> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" target="_blank">https://lists.torproject.org/<span style="text-decoration:underline"></span>cgi-bin/mailman/listinfo/tor-<span style="text-decoration:underline"></span>relays</a></blockquote>

</div>

<br><br clear="all">

<div> </div>

-- <br>

<div>

<div dir="ltr"><a href="http://www.backbox.org" target="_blank">http://www.backbox.org</a>

<div><a href="http://www.pentester.iz.rs" target="_blank">http://www.pentester.iz.rs</a></div>

<div> </div>

</div>

</div>

</div>

<br>

<pre>_______________________________________________

tor-relays mailing list

<a href="mailto:tor-relays@lists.torproject.org" target="_blank">tor-relays@lists.torproject.org</a>

<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>

</pre>

</blockquote>

</div></div></div>

<br>_______________________________________________<br>

tor-relays mailing list<br>

<a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a><br>

<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><br>

<br></blockquote></div><br></div>