[tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 9 22:03:44 UTC 2019
#32550: Static tor in docker container
---------------------------------+-------------------------------
Reporter: thymbahutymba | Owner: phw
Type: enhancement | Status: assigned
Priority: Medium | Milestone:
Component: Circumvention/Obfs4 | Version:
Severity: Normal | Resolution:
Keywords: docker, s30-o24a2 | Actual Points:
Parent ID: #31281 | Points: 2
Reviewer: | Sponsor: Sponsor30-can
---------------------------------+-------------------------------
Changes (by phw):
* keywords: docker => docker, s30-o24a2
* points: => 2
* sponsor: => Sponsor30-can
* parent: => #31281
Comment:
Replying to [comment:2 thymbahutymba]:
> Replying to [comment:1 phw]:
> > I like the idea of making our image more lightweight but I worry about
the additional complexity in the build process. For example, we also need
to include Tor's GeoIP database because otherwise the bridge won't be
reporting the country codes of its clients. Debian's tor package depends
on tor-geoipdb, which takes care of this for us.
>
> Actually this problem does not exist because looking at the debian
geoipdb package [https://packages.debian.org/sid/all/tor-geoipdb/filelist
tor-geoipdb] the interesting file are {{{/usr/share/tor/geoip*}}}; if we
look at the result from the tor statically compilation these file are
already present.
[[br]]
Gotcha, that certainly makes things easier.
Another reservation I have is that this approach requires us to keep track
of the latest versions of dependencies and their security vulnerabilities,
which takes time and effort. Every time we're creating a new docker image,
we need to figure out what the latest version of OpenSSL etc. is. A Debian
package however takes care of this for us.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32550#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list