On Fri, Nov 25, 2022 at 12:57:30PM +0100, Caspar Schutijser wrote:
> Hi all,
>
> On Fri, Nov 25, 2022 at 02:17:07AM +0000, Yifei Zhan wrote:
> > On 22/11/24 10:22PM, Caspar Schutijser wrote:
> > > Hi,
> > >
> > > On Thu, Nov 24, 2022 at 05:27:59PM +0300, u...@disroot.org wrote:
> > > > > OK, I think you need to install obfs4proxy and then configure your
> > > > > Tor Browser. Here is my configuration in file
> > > > > ~/TorBrowser-Data/torrc:
> > > >
> > > > > ClientOnionAuthDir ...
> > > > > ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy
> > > > > DataDirectory ...
> > > > > UseBridges 1
> > > > > Bridge obfs4 ...
> > > > > Bridge obfs4 ...
> > > >
> > > > Thank you! This works. Though I still wonder why on OpenBSD I need
> > > > to know how to configure torrc in order to get my bridges to work,
> > > > where on other os's I could just select built-in ones or paste
> > > > bridges as normal. Maybe somebody knows why this is the case? Do
> > > > maintainers on other os's just do additional configuration for
> > > > their users, but OpenBSD sticks to vanilla experience? Or was it a
> > > > change to reduce the attack surface for the majority of people who
> > > > don't live in a country where Tor is blocked?
> > >
> >
> > (Adding to what Caspar said)
> >
> > OpenBSD's Tor Browser port is built differently from Linux's, as far as I
> > know
> > most Linux distros' TBB package is based on Tor Project's prebuilt binary,
> > while
> > OpenBSD needs to build it from source, and the part of the work for bridge
> > integration is still WIP.
> >
> > >
> > > If anyone wants to help, that's appreciated. I saw some configuration
> > > snippets in some other emails, that already helps a bit. If anyone has
> > > drafts for diffs to Tor Browser, that would help as well.
> > > www/tor-browser/browser/files/torrc-defaults seems to be one piece of
> > > the puzzle.
> >
> > I have some WIP diffs which I will send out soon, once I finished some
> > other
> > updates.
>
> Looking forward to see what you came up with so that we can compare.
>
> In the meantime, I came up with the following.
>
> The "Select a Built-In Bridge" screen now shows the obfs4, Snowflake
> and meek-azure options instead of showing an empty screen. obfs4 is the
> only one that works at this moment though. Right now we don't have a
> Snowflake client, as far as I know. And as for meek, I tried to make it
> work with obfs4proxy as shown in a commented-out line in
> www/tor-browser/browser/files/torrc-defaults but that didn't
> work even though I saw some configuration snippets which hint at that.
> Either way, as long as Snowflake and meek don't work, I should probably
> filter them from bridges.js before appending them to 000-tor-browser.js.
Dear users in this thread, if possible, can you give this a spin?
With some help and feedback from the Tor Browser developers I
came up with the following diff. I verified that I can use
the meek-azure and obfs4 Pluggable Transports. With a
local (uncommitted) snowflake_client port Snowflake also worked but
I'll get back to that some other time.
No REVISION bump is included in this diff since I'm planning on
gathering feedback first and I'll probably commit this after
Tor Browser 12.0.1 is out.
Caspar
Index: browser/Makefile
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/Makefile,v
retrieving revision 1.98
diff -u -p -r1.98 Makefile
--- browser/Makefile 13 Dec 2022 19:35:35 -0000 1.98
+++ browser/Makefile 16 Dec 2022 17:15:02 -0000
@@ -16,7 +16,8 @@ DISTNAME = src-firefox-tor-browser-102.
FIX_EXTRACT_PERMISSIONS = Yes
DISTFILES += ${DISTNAME}.tar.xz \
- tor-browser-linux64-${TB_VERSION}_ALL.tar.xz
+ tor-browser-linux64-${TB_VERSION}_ALL.tar.xz \
+ tor-expert-bundle-${TB_VERSION}-linux-x86_64.tar.gz
SO_VERSION = 8.0
MOZILLA_LIBS = xul clearkey lgpllibs mozavcodec mozavutil mozgtk
@@ -74,7 +75,8 @@ MAKE_ENV += BUILD_OPT=1 \
NSS_ENABLE_ECC=1 \
XCFLAGS="-I${LOCALBASE}/include ${CFLAGS}"
-RUN_DEPENDS += net/tor>=0.4.7.12
+RUN_DEPENDS += net/obfs4proxy>=0.0.14 \
+ net/tor>=0.4.7.12
CONFIGURE_ARGS += --enable-release #1386371
CONFIGURE_ARGS += --enable-sandbox
@@ -103,7 +105,16 @@ post-patch:
# Not using a patch for this; patch context would contain UTF-8
sed -i 's/#ifdef XP_LINUX/#if defined(XP_LINUX) ||
defined(XP_OPENBSD)/' \
${WRKSRC}/browser/app/profile/000-tor-browser.js
- ln -s ${WRKSRC}/mozconfig-linux-x86_64 ${WRKSRC}/.mozconfig
+ ln -fs ${WRKSRC}/mozconfig-linux-x86_64 ${WRKSRC}/.mozconfig
+
+ # add bridges that we support
+.for pt in meek-azure obfs4
+ I=1; \
+ cat ${WRKDIR}/tor/pluggable_transports/bridges_list.${pt}.txt | while
read -r line ; do \
+ echo "pref(\"extensions.torlauncher.default_bridge.${pt}.$$I\",
\"$$line\");" >>${WRKSRC}/browser/app/profile/000-tor-browser.js; \
+ I=$$((I + 1)); \
+ done
+.endfor
${SUBST_CMD} ${WRKSRC}/xpcom/build/BinaryPath.h
Index: browser/distinfo
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/distinfo,v
retrieving revision 1.59
diff -u -p -r1.59 distinfo
--- browser/distinfo 13 Dec 2022 19:35:35 -0000 1.59
+++ browser/distinfo 16 Dec 2022 17:15:02 -0000
@@ -1,4 +1,6 @@
SHA256 (mozilla/src-firefox-tor-browser-102.5.0esr-12.0-2-build1.tar.xz) =
1lAT1yT2ACsBRz5800oRco3PXjOQu3FlAYwfQuQugtQ=
SHA256 (mozilla/tor-browser-linux64-12.0_ALL.tar.xz) =
hQzmAdgVusY+T1k3ZG0rSXFzviiyezCnUm67lGpFmHQ=
+SHA256 (mozilla/tor-expert-bundle-12.0-linux-x86_64.tar.gz) =
ksI//Z32/KB6fgamVCtk1ew2LnNKJopBEN7H1caZWc8=
SIZE (mozilla/src-firefox-tor-browser-102.5.0esr-12.0-2-build1.tar.xz) =
512766100
SIZE (mozilla/tor-browser-linux64-12.0_ALL.tar.xz) = 105202872
+SIZE (mozilla/tor-expert-bundle-12.0-linux-x86_64.tar.gz) = 17666538
Index: browser/files/torrc-defaults
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/files/torrc-defaults,v
retrieving revision 1.1
diff -u -p -r1.1 torrc-defaults
--- browser/files/torrc-defaults 13 Feb 2020 07:41:53 -0000 1.1
+++ browser/files/torrc-defaults 16 Dec 2022 17:15:02 -0000
@@ -20,7 +20,10 @@ GeoIPv6File ${LOCALBASE}/share/tor/geoip
#ClientTransportPlugin fte exec fteproxy --managed
## obfs4proxy configuration
-#ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec obfs4proxy
+ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec
/usr/local/bin/obfs4proxy
+
+## snowflake configuration
+#ClientTransportPlugin snowflake exec /usr/local/bin/snowflake_client
## flash proxy configuration
#
