[tor-relays] [tor-assistants] Running obfs4proxy on Debian Stable

Igor Chelnokov gendalph20 at gmail.com
Sat Feb 14 15:43:20 UTC 2015 

You can pin package/repository priority. You just have to create a file in
/etc/apt/preferences.d/ with contents like

Package: *
Pin: release o=jessie
Pin-priority: 400

then run apt-get update and apt-cache policy PACKAGE to confirm your
settings.

On Sat, Feb 14, 2015 at 12:50 PM, Alexander Dietrich <alexander at dietrich.cx>
wrote:

>  The problem with "Add repositry to /etc/apt/sources.list" is that this
> will not work on Ubuntu without GPG errors, since the keys used for signing
> the packages are unknown. And the Debian developers don't seem to publish
> their key fingerprints on their website.
>
> The second problem is that the next "aptitude safe-upgrade" wants to
> "update" a ton of packages, presumably from Debian Testing. I did read the
> page on pinning, but just couldn't figure out how to make this work on
> Ubuntu.
>
> So it's probably safer to wait for obfs4proxy to show up in Ubuntu
> repositories. Is there already a plan for that?
>
> Best regards,
>
> Alexander
>
> ---
> PGP Key: https://dietrich.cx/pgp | 0x727A756DC55A356B
>
>  On 2015-02-05 21:17, ZEROF wrote:
>
>  -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> If you want to try to install jessi without updating your system it's possible. Add repositry to /etc/apt/sources.list, run apt-get update. Then use this and only this command to upgrade only that package from new repository (check if you need to replace jessie with unstable or something like that):
>
> apt-get -t jessie install name of your package
>
> You don't need to remove repository from your sources list because this command will lock upgrades of other packages. Check this url for more info: https://wiki.debian.org/AptPreferences, in section "Installing from unstable".
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: OpenPGP.js v0.7.2
> Comment: http://openpgpjs.org
>
> wsFcBAEBCAAQBQJU08+wCRDHWR777fxuEQAAEpkP/3u/KvoBnRBLeQLNb4P7
> wumvgdpk5cs/pLvazQvEdGI/rUb5PT+Y+i7+wDTAb6y/btVh5n+S1vzBhgTV
> RN6RM55CGls3shXEEhFLTUe6Pm8hONn0EtZ8V4CGWMV91/RSOfJdevMIzX/E
> FZOtYrRGc+ymm9XWbyZaOnPdkG5s+Y+UMBVfhEl2QhB5JnFfp8ubMzLCOZSg
> hFUHOuOdQTcXgO5KZ5FjtXRynRbJYitDSAwzIlen7VQCgknv+z6a4D40tQ7/
> emvTaAZ3KYQzgZFugfiqBi8fUA55MkvEE+XjLFqWGj6u7zmXXQJ9EVvh6Fml
> +kbf8QjP/pu1TGyagrro2W+sBNHgZnm/o1nvj+a+qFiQu1NmwvJ7n4mJtYVt
> CwxZhBfiLemOZoX4AyS/3u21h494cAshDnPJ9J+0A1rKKjKUtejgRD19m++Q
> TMXpa+LPr3RRLRZUospWpMljtypu1t/masv+iM1sdgw46hF8GiM7FcGnazU8
> SMy408gLLu09bCXwXKQ4hfUf68Uo8Y4v/g8BozV3GuUcaIOSTX4sCXwneMAW
> /f7RYslrMHfkqIQSCtulIq3fI7CQpFjtoRYCfcG5nF0IziU3lHB0cRB7uL0n
> zKwPYW3CiQz0O8HDCg0sdp1iuYr6yahr1WsnpBoc1AGWASTqdVgRELXHgCL6
> ZMyT
> =FL9d
> -----END PGP SIGNATURE-----
>
>
> On 3 February 2015 at 18:33, Alexander Dietrich <alexander at dietrich.cx>
> wrote:
>
>> Is it possible to install the obfs4proxy package securely (with signature
>> verification) on Ubuntu? I looked at this a while ago, but couldn't figure
>> out how to make it work.
>>
>> Thanks,
>> Alexander
>> ---
>> PGP Key: https://dietrich.cx/pgp | 0x727A756DC55A356B
>>
>>
>> On 2015-02-03 01:14, Yawning Angel wrote:
>>
>>>  On Mon, 2 Feb 2015 22:41:40 +0000
>>> isis <isis at torproject.org> wrote:
>>>
>>>> I requested that the obfs4proxy package in Debian jessie be ported to
>>>> wheezy-backports, [0] however, it seems this is extremely unlikely to
>>>> happen because it would mean backporting pretty much every Golang
>>>> package in existence.
>>>
>>>
>>> Last I heard, that was mostly unnecessary, though how exactly this apt
>>> pinning stuff works is a mystery to me[0].
>>>
>>> I would be super stoked if we could make it as easy and seamless as
>>>> possible for the Bridge operators who are still running obfs2 (!!) to
>>>> move to supporting better, newer Pluggable Transports.  Currently
>>>> recommended PTs to run are: obfs3, obfs4, scramblesuit, and
>>>> fteproxy.  When Tor Browser 4.5 becomes stable (probably in mid-April
>>>> 2015), we'll want lots more obfs4 Bridges!  For the super adventurous
>>>> sysadmins who'd like to try Yawning's experimental new post-quantum
>>>> PT, Basket [1] is one of the newest PTs.
>>>
>>>
>>> More obfs4 bridges would be amazing.  It's worth noting that obfs4proxy
>>> can also handle obfs2 and 3 (and with a branch that I need to
>>> test/merge soon, a ScrambleSuit client), and it even is easy to run
>>> bridges on ports < 1024 without messing with port forwarding.
>>>
>>> Basket is still a research project and non-researchers shouldn't deploy
>>> it because the wire format may change (and it consumes a hilarious
>>> amount of bandwidth).
>>>
>>> We should probably come up with some easy instructions for operators
>>>> of Tor Bridge relays who are running Debian stable, such as adding an
>>>> Apt pin to pull in only the obfs4proxy package and its dependencies
>>>> from Debian jessie and keep everything else pinned to stable.  If
>>>> someone has done this, or has another simple solution, would you mind
>>>> writing up some short how-to on the steps you took, please?
>>>>
>>>> [0]:
>>>> http://lists.alioth.debian.org/pipermail/pkg-anonymity-
>>>> tools/Week-of-Mon-20150202/001119.html
>>>> [1]: https://github.com/yawning/basket
>>>
>>>
>>> All of obfs4proxy's dependencies are build time.  The binary is
>>> statically linked because that's what Go does.  David S.'s ansible-tor
>>> package does it like this:
>>>
>>> https://github.com/david415/ansible-tor/commit/
>>> f897581daa79389ddcb28c7dae601473e85e8226
>>>
>>> So the documentation should be a matter of "how to setup the apt pin
>>> for a single package".  I've heard someone complaining about the tor
>>> AppArmor profile but that also isn't something I've dealt with ever.
>>>
>>> Regards,
>>>
>>> --
>>> Yawning Angel
>>>
>>> [0]: I just scp the binary to my bridge whenever I need to update it,
>>> and my idea of how to update all my linux systems starts with "pacman"
>>> and not "apt-get".
>>>  _______________________________________________
>>> tor-relays mailing list
>>> tor-relays at lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
>
>
> --
>  http://www.backbox.org
> http://www.pentester.iz.rs
>
>
> _______________________________________________
> tor-relays mailing listtor-relays at lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20150214/cf3b4dc0/attachment-0001.html>

More information about the tor-relays mailing list