[tor-packagers] Request for Packaging: vanguards

Mike Perry mikeperry at torproject.org
Wed Aug 8 06:49:16 UTC 2018


Hella howdy yall,

The vanguards Tor Controller addon is getting close to another release.
It lives at: https://github.com/mikeperry-tor/vanguards

The addon is written in python, and uses the Tor Control Protocol (via
stem) to alter how Tor behaves. It provides protection to onion services
and onion service clients against a variety of attacks. It implements
experimental defenses that need to be tuned to perform optimally for a
variety of different deployment scenarios, known and unknown, that may
exist in the wild.

For more details about what the addon does, see:
https://github.com/mikeperry-tor/vanguards/blob/master/README_TECHNICAL.md

For a comprehensive treatment of the known attacks against onion
services, including how this addon fits in, see:
https://github.com/mikeperry-tor/vanguards/blob/master/README_SECURITY.md

The ultimate goal is to merge these defenses into Tor itself, but they
will take time to study. Because of this, the lifespan of this addon
will be measured in years, especially if your distribution uses the "Tor
Long Term Stable" release by default.

During this time, it is important that this addon is easy to install and
update securely, so that onion service operators can run it in order to
give us feedback on how parameters perform with their particular setups,
in addition to allowing them to benefit from the additional security we
believe that it provides.

The addon does not have to be available in your distribution's official
repositories. It is sufficient that it is available either via a
backports repository, or via one of the torproject package sources for
your distribution. The important thing is that it is authenticated by a
secure GPG key that can be imported into a distribution's package
manager, and that you keep up with updates.

The addon has 98% unit test coverage of its lines under python2.7,
python3.5, and pypy. pypy is the preferred python interpreter for the
addon, because it provides a JIT that improves performance for high
traffic onion services.

The addon has two dependencies: ipaddress, and stem. ipaddress is
included in python3 distributions, and that version is sufficient.
For python2 and pypy, the version in requirements.txt is preferred.

Unfortunately, however, Stem 1.6.0 broke compatibility with pypy:
https://trac.torproject.org/projects/tor/ticket/26207

A fix is available here, but is not present in any stem release:
https://gitweb.torproject.org/stem.git/commit/?id=c52db04

Your distribution will need to backport this fix, if it uses Stem
1.6.0 with pypy. Stem versions prior to 1.6.0 do not have this issue.
The forthcoming stem 1.7.0 will include the fix.

Iain Learmonth (irl) has been working on the packages for debian.
Hopefully he can report any additional issues here.

Please respond to this mail on or off list if you intend to package this
addon for your distribution, for either official repositories or for
torproject ones, so that we may mention this fact in an upcoming
blogpost for the release. Please also ask me any questions you may have
about packaging, on list or off. I'm also on #tor-dev on irc.oftc.net as
mikeperry.

The release tags are signed with the following GPG key, which has also
signed this mail, and also signs all of my other mails to tor
mailing lists:

pub   8192R/29846B3C683686CC 2013-09-11
      Key fingerprint = C963 C21D 6356 4E2B 10BB  335B 2984 6B3C 6836 86CC
uid                          Mike Perry <mikeperry at endarken.info>
uid                          Mike Perry <mikeperry at unencrypted.info>
uid                          Mike Perry (Regular use key) <mikeperry at fscked.org>
uid                          Mike Perry (Regular use key) <mikeperry at torproject.org>


-- 
Mike Perry
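
Added example (not part of the original mail or of the vanguards project): a packager-side check that a release tag is signed by the key whose full fingerprint is listed above, rather than trusting a short key ID or any key that happens to be in the keyring. It assumes the key has already been imported into the local GnuPG keyring; the function names `check_status` and `verify_tag` are hypothetical.

```shell
#!/bin/sh
# Fingerprint copied from the mail above, spaces removed.
PINNED_FPR="C963C21D63564E2B10BB335B29846B3C683686CC"

# check_status FPR: reads GnuPG status lines ("[GNUPG:] ...") on stdin.
# Succeeds only if a good signature is reported, its primary-key
# fingerprint equals FPR, and no bad/expired-key/revoked-key status appears.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "GOODSIG" { good = 1 }
        $2 == "VALIDSIG" {
            # Field 3 is the fingerprint of the key that made the signature
            # (possibly a subkey); the last field, when present, is the
            # primary key fingerprint, which is what the mail publishes.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == want) pinned = 1
        }
        END { exit !(good && pinned && !bad) }
    '
}

# verify_tag TAG: run inside a clone of the repository.
# "git verify-tag --raw" writes the GnuPG status lines to stderr, so stderr
# is routed into the pipe and the normal output is discarded.
verify_tag() {
    git verify-tag --raw "$1" 2>&1 >/dev/null | check_status "$PINNED_FPR"
}

# Typical use in a packaging script:
#   verify_tag "$tag" || { echo "tag not signed by pinned key" >&2; exit 1; }
```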