On Tue, Jul 18, 2023 at 08:52:00AM +0000, Patrick Schleizer wrote: > One thing to consider: A few onions are tor+https but most are tor+http. But > I guess that's not an issue because http vs https is declared in the > repository configuration files.
Yeah, we'll just prepend 'tor+' if that was asked, and leave everything else as is. > > I think this would be a nice feature to have, indeed. > > Thank you for your interest in this feature! > > > However, given that I have zero experience with tor, I would need some help > > with the design of such a feature. > > Sure thing! I've given this some more thought, and I think a better design would be this: --tor=onion: use .onion URLs, fail if no such setting exists for the requested repository. --tor=tunnel: use tor+http(s), ignore .onion URLs. --tor=auto: use .onion, fall back on tor+http(s). --tor=if-onion: use .onion if available, fall back on regular URLs. All these values would be settable using a "tor:" line in /etc/extrepo/config.yaml, too. > > In order to make sure that the data is correct and complete, we would need > > to be able to validate .onion URLs in the CI jobs, which involves > > downloading repository metadata and making sure it looks sensible. Do you > > know if it is possible to reach the tor network from a container? > > If you want to test onion availability without use of apt-get? In that case, > the torsocks package will help. Use of torsocks is very simple. Simply > prepend it in front of the command you intent to use and the connection will > be torified. Example usage: torsocks curl oniondomain.onion I tried this, in the "onion" branch of https://salsa.debian.org/extrepo-team/extrepo-data, but it failed for reasons I don't understand. Would you care to take a look? Thanks, -- w@uter.{be,co.za} wouter@{grep.be,fosdem.org,debian.org} I will have a Tin-Actinium-Potassium mixture, thanks.