August 2018 - tor-packagers - lists.torproject.org

Vanguards v0.2.2 is available for packaging
by Mike Perry 12 Sep '18

12 Sep '18

Vanguards v0.2.2 is tagged on github at https://github.com/mikeperry-tor/vanguards. The tag is signed with the gpg key that signed this mail, and all of my other mails. Version 0.2.2 fixes an exception crash bug found by traumschule (https://github.com/mikeperry-tor/vanguards/issues/29) Here is the complete changelog: - Fix exception when a connection to a guard is closed with more than one live circuit. #29 - Catch control+c and exit cleanly. #30. - Use Tor's network liveness events to double-check connectivity. - Print out relevant versions at startup. Again, the preferred interpreter for vanguards is pypy, but you must use either stem 1.5.4 (or below), or stem 1.6.0 with this patch: https://gitweb.torproject.org/stem.git/commit/?id=c52db04 The addon does not require this patch when run under python2 or python3 with stem 1.6.0 (but pypy will be much faster for high traffic onion services). The addon also requires Tor 0.3.3.x or above, and 0.3.4.x is preferred. Please set dependencies and repository placement accordingly. If you previously had issues with the tests, please see: https://github.com/mikeperry-tor/vanguards/blob/master/README_TESTS.md -- Mike Perry

2 2

dead links on packages wiki page
by Traumschule 27 Aug '18

27 Aug '18

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, For #27309 i was looking at [1] and found two linked sites unreachable: macOS: https://brewformulas.org/Tor NetBSD: https://pkgsrc.se/net/tor Hopefully this is only temporarily. [1] https://trac.torproject.org/projects/tor/wiki/doc/packages - -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEk1ZN7YVGjZrCkDYFEu59cHERIFYFAluAqEsACgkQEu59cHER IFazIQv/UiQWp9BriRgcKpNmsVYvyfsoY4sXPH29q2DwkKYEubSWv9+YoK7fpO0k yWDIJm3rdg0VDX/Jdujs3tzygdXyMYHDs59lwrE41JqZZY+TDRZZGS604i2jWbsG EHC/AofH5+b2vpnhH3zspbteZGLEX3e64FOHCNumdYcmsqmAgMCLLkOTT/oFLLmp 4pixYFghheu27hBgAy5XKeJil+KnV2xdtiqS75EIuxoYn0h/9k+/a9p0suk1vLuV MAEn6yRk74VgPld7z2w/LJeYD+1x4w6D6p80EJqJrCaMRHL2ZVzxZCsrEoE1hwt/ /cPDKwmkPouFEU3I2PrnJ9ipaKvd29y4MN2UfvcgSOfTS/3xj0gpPt/L1oeu+2B+ 55LFfxuZUzJXMXZcH1vU9DuPVKDKyyGAM5ODpK9SRqtr6oMxgVQvFZ3KapF9k8Lo GtcS3BQdBneYKkBGv2P7WXhuubfb8aToFpzYy4RS131qcCtTHuXSFbzZaf9ce3S4 WldtADUH =PVgT - -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEk1ZN7YVGjZrCkDYFEu59cHERIFYFAluAtWYACgkQEu59cHER IFZIyQv/aMHio7gRfXqgeuAD4yAUITm5oYH5PVEMp7s2UW4tUXfcXOid9wa1aMaS 5vec4PiYG91GXFI0qvQ/v1lddfGfqNBL6IrNtU5PRj/s91a6QPfqyFADdto2uQ0C zXfUUZJORNHr3mlvgNQbTLjOBMZkC/k5d2uJQrbpvjtrXbysyLD+kk7LdDlHjZx6 ZWD+AMdWXT/37pJs91EN0qX9l7L3t6AqowDi7JrwX3Z6BIaaOzh69fy9BrAqRXFl rDa4owPSlb5nqnUzwm25jbmHhE15uyBbzaGwLMGp+D3AKzksccQEnK84ovO5ok6+ t756ro3QGPVDSe8ZCh0LFUnc0XtIxgL8NmdIN0NyWDIzRfh+Id/pbSm9gIoQoXc3 jyF5/kSjCt7rvH+HMlTxip1HdXIULgQUAOm9kk3+siX/ppcpnqwiM/wTsFXj9Bqb I4to3UexrbOX60lpjH1KyGCgh/enm/C9+jG4olj5JDME03BEBENlraUUjQ8Hvoem +v1vNsNc =u5fk -----END PGP SIGNATURE-----

2 4

Tor 0.3.4.7-rc is released
by Nick Mathewson 24 Aug '18

24 Aug '18

Hi, all! We found some bugs that forced us to put out another release candidate. You can fetch it from dist.torproject.org as usual. I'm hoping that the next 0.3.4.x release will be stable. The changelog is here: https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.4.7-rc&id=84… best wishes, -- Nick

1 0

Vanguards v0.2.1 is available for packaging
by Mike Perry 13 Aug '18

13 Aug '18

Vanguards v0.2.1 is tagged on github at https://github.com/mikeperry-tor/vanguards. The tag is signed with the gpg key that signed this mail, and all of my other mails. Again, the preferred interpreter for vanguards is pypy, but you must use either stem 1.5.4 (or below), or stem 1.6.0 with this patch: https://gitweb.torproject.org/stem.git/commit/?id=c52db04 The tests will fail on pypy with an affected stem (which is how I discovered the stem issue). If you previously had issues with the tests, please see: https://github.com/mikeperry-tor/vanguards/blob/master/README_TESTS.md Hopefully the new test README can help you ensure that you have working versions of everything. Iain also wrote a systemd service wrapper that may be useful: https://salsa.debian.org/pkg-privacy-team/vanguards/blob/master/debian/vang… I want to write a Tor blog post announcing this new version, but I want to mention distribution packages in that blog post, since that was a FAQ in the comments of the initial blogpost. If you are packaging this addon, please let me know which repositories it will appear at, and give me a link to instructions for how users can add or enable them on their systems. I haven't heard anything from Fedora/RPM people. That would be super useful. :) Overall, I think this release is a significant improvement over v0.1.1. Here's the changelog: - Read ExcludeNodes from Tor and don't pick layer2 or layer3 guards in this set. #11 - Add --one_shot_vanguards and --disable_vanguards options (to enable OnionBalance synchronization). #12 - Don't write to torrc by default. #18 - Keep attempting to reconnect if the control port dies. #19 - Support tighter bounds on dropped data to defend against DropMark, and change circ_max_dropped_bytes_percent to circ_max_dropped_cells. However, leave these at NOTICE pending Tor patch #25573. #20. - Limit rend requests from relays that are not in our consensus. #22. - Added connectivity accounting: WARN if we're disconnected or can't build circuits for more than 'conn_max_disconnected_secs' and 'circ_max_disconnected_secs'. Also emit a NOTICE if a connection dies while there are live circuits on it. #23 - Fix several false positive cases in rendguard. More may remain, so demote logline to NOTICE for now. #24 - Change rendguard params to lower the false positive rate. If you use a conf file, be sure to update the values there, if specified. #24. - Standardize using WARN for messages that we're confident represent serious issues, and use NOTICE for heuristics that may need more tuning. -- Mike Perry

1 1

Request for Packaging: vanguards
by Mike Perry 09 Aug '18

09 Aug '18

Hella howdy yall, The vanguards Tor Controller addon is getting close to another release. It lives at: https://github.com/mikeperry-tor/vanguards The addon is written in python, and uses the Tor Control Protocol (via stem) to alter how Tor behaves. It provides protection to onion services and onion service clients against a variety of attacks. It implements experimental defenses that need to be tuned to perform optimally for a variety of different deployment scenarios, known and unknown, that may exist in the wild. For more details about what the addon does, see: https://github.com/mikeperry-tor/vanguards/blob/master/README_TECHNICAL.md For a comprehensive treatment of the known attacks against onion services, including how this addon fits in, see: https://github.com/mikeperry-tor/vanguards/blob/master/README_SECURITY.md The ultimate goal is to merge these defenses into Tor itself, but they will take time to study. Because of this, the lifespan of this addon will be measured in years, especially if your distribution uses the "Tor Long Term Stable" release by default. During this time, it is important that this addon is easy to install and update securely, so that onion service operators can run it in order to give us feedback on how parameters perform with their particular setups, in addition to allowing them to benefit from the additional security we believe that it provides. The addon does not have to be available in your distribution's official repositories. It is sufficient that it is available either via a backports repository, or via one of the torproject package sources for your distribution. The important thing is that it is authenticated by a secure GPG key that can be imported into a distribution's package manager, and that you keep up with updates. The addon has 98% unit test coverage of its lines under python2.7, python3.5, and pypy. pypy is the preferred python interpreter for the addon, because it provides a JIT that improves performance for high traffic onion services. The addon has two dependencies: ipaddress, and stem. ipaddress is included in python3 distributions, and that version is sufficient. For python2 and pypy, the version in requirements.txt is preferred. Unfortunately, however, Stem 1.6.0 broke compatibility with pypy: https://trac.torproject.org/projects/tor/ticket/26207 A fix is available here, but is not present in any stem release: https://gitweb.torproject.org/stem.git/commit/?id=c52db04 Your distribution will need to backport this fix, if it uses Stem 1.6.0 with pypy. Stem versions prior to 1.6.0 do not have this issue. The forthcoming stem 1.7.0 will include the fix. Iain Learmonth (irl) has been working on the packages for debian. Hopefully he can report any additional issues here. Please respond to this mail on or off list if you intend to package this addon for your distribution, for either official repositories or for torproject ones, so that we may mention this fact in an upcoming blogpost for the release. Please also ask me any questions you may have about packaging, on list or off. I'm also on #tor-dev on irc.oftc.net as mikeperry. The release tags are signed with the following GPG key, which has also signed this mail, and also signs all of my other mails to tor mailinglists: pub 8192R/29846B3C683686CC 2013-09-11 Key fingerprint = C963 C21D 6356 4E2B 10BB 335B 2984 6B3C 6836 86CC uid Mike Perry <mikeperry(a)endarken.info> uid Mike Perry <mikeperry(a)unencrypted.info> uid Mike Perry (Regular use key) <mikeperry(a)fscked.org> uid Mike Perry (Regular use key) <mikeperry(a)torproject.org> -- Mike Perry

4 4

Tor 0.3.4.6-rc available for packaging
by Nick Mathewson 08 Aug '18

08 Aug '18

Hi! You can get Tor 0.3.4.6 from the usual place at: https://dist.torproject.org/ The website should update shortly. Since this is a release candidate, bug reports would be greatly appreciated. Changelog at: https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.4.6-rc cheers, -- Nick

1 0