subject:"\[tor\-bugs\] #32550 \[Circumvention\/Obfs4\]\: Static tor in docker container"

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

2020-05-07 Thread Tor Bug Tracker & Wiki

#32550: Static tor in docker container
-+---
 Reporter:  thymbahutymba|  Owner:  phw
 Type:  enhancement  | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Obfs4  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  docker   |  Actual Points:
Parent ID:  #31281   | Points:  2
 Reviewer:   |Sponsor:  Sponsor30-can
-+---
Changes (by gaba):

 * keywords:  docker, s30-o24a2, anti-censorship-roadmap-2020Q1 => docker


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

2020-02-26 Thread Tor Bug Tracker & Wiki

#32550: Static tor in docker container
-+-
 Reporter:  thymbahutymba|  Owner:  phw
 Type:  enhancement  | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Obfs4  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  docker, s30-o24a2, anti-censorship-  |  Actual Points:
  roadmap-2020Q1 |
Parent ID:  #31281   | Points:  2
 Reviewer:   |Sponsor:
 |  Sponsor30-can
-+-

Comment (by thymbahutymba):

 > Another reservation I have is that this approach requires us to keep
 track of the latest versions of dependencies and their security
 vulnerabilities, which takes time and effort. Every time we're creating a
 new docker image, we need to figure out what the latest version of OpenSSL
 etc. is. A Debian package however takes care of this for us.

 I don't know the smart reply for such problem. However I think that here
 the point is that you are putting your trust in Debian packager but
 different approach can be the rolling-release one, in this case we can
 update every time the tor-static docker version with the latest release of
 each library having somehow the benefit of doubt about vulnerabilities.
 Wheter they are present, after the discover, new version should be
 available and updating it should solve such problem. Hoping I've clarified
 my point of view even if I'm not undred percent sure about it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

2020-02-04 Thread Tor Bug Tracker & Wiki

#32550: Static tor in docker container
-+-
 Reporter:  thymbahutymba|  Owner:  phw
 Type:  enhancement  | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Obfs4  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  docker, s30-o24a2, anti-censorship-  |  Actual Points:
  roadmap-2020Q1 |
Parent ID:  #31281   | Points:  2
 Reviewer:   |Sponsor:
 |  Sponsor30-can
-+-
Changes (by gaba):

 * keywords:  docker, s30-o24a2 => docker, s30-o24a2, anti-censorship-
 roadmap-2020Q1


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

2019-12-09 Thread Tor Bug Tracker & Wiki

#32550: Static tor in docker container
-+---
 Reporter:  thymbahutymba|  Owner:  phw
 Type:  enhancement  | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Obfs4  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  docker, s30-o24a2|  Actual Points:
Parent ID:  #31281   | Points:  2
 Reviewer:   |Sponsor:  Sponsor30-can
-+---

Comment (by phw):

 Replying to [comment:3 thymbahutymba]:
 > I was building again all and I saw that I've made two mistake in the
 Makefile. In order to fix it so that you are able to build by yourself
 without any trouble here the fixing.
 > * In {{{tor}}} target remove libseccomp (that is not present at all);
 > * In {{{tor-${TOR_VER i forgot one slash into the url. The correct
 url is: {{{${TOR}/$@.tar.gz}}}.
 > Forgive me about those mistake, I'm really sorry.
 [[br]]
 No worries! With these changes, I managed to build a statically-compiled
 tor binary with your Makefile.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

2019-12-09 Thread Tor Bug Tracker & Wiki

#32550: Static tor in docker container
-+---
 Reporter:  thymbahutymba|  Owner:  phw
 Type:  enhancement  | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Obfs4  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  docker, s30-o24a2|  Actual Points:
Parent ID:  #31281   | Points:  2
 Reviewer:   |Sponsor:  Sponsor30-can
-+---
Changes (by phw):

 * keywords:  docker => docker, s30-o24a2
 * points:   => 2
 * sponsor:   => Sponsor30-can
 * parent:   => #31281


Comment:

 Replying to [comment:2 thymbahutymba]:
 > Replying to [comment:1 phw]:
 > > I like the idea of making our image more lightweight but I worry about
 the additional complexity in the build process. For example, we also need
 to include Tor's GeoIP database because otherwise the bridge won't be
 reporting the country codes of its clients. Debian's tor package depends
 on tor-geoipdb, which takes care of this for us.
 >
 > Actually this problem does not exist because looking at the debian
 geoipdb package [https://packages.debian.org/sid/all/tor-geoipdb/filelist
 tor-geoipdb] the interesting file are {{{/usr/share/tor/geoip*}}}; if we
 look at the result from the tor statically compilation these file are
 already present.
 [[br]]
 Gotcha, that certainly makes things easier.

 Another reservation I have is that this approach requires us to keep track
 of the latest versions of dependencies and their security vulnerabilities,
 which takes time and effort. Every time we're creating a new docker image,
 we need to figure out what the latest version of OpenSSL etc. is. A Debian
 package however takes care of this for us.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

2019-11-22 Thread Tor Bug Tracker & Wiki

#32550: Static tor in docker container
-+--
 Reporter:  thymbahutymba|  Owner:  phw
 Type:  enhancement  | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Obfs4  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  docker   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by thymbahutymba):

 I was building again all and I saw that I've made two mistake in the
 Makefile. In order to fix it so that you are able to build by yourself
 without any trouble here the fixing.
 * In {{{tor}}} target remove libseccomp (that is not present at all);
 * In {{{tor-${TOR_VER i forgot one slash into the url. The correct url
 is: {{{${TOR}/$@.tar.gz}}}.
 Forgive me about those mistake, I'm really sorry.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

2019-11-21 Thread Tor Bug Tracker & Wiki

#32550: Static tor in docker container
-+--
 Reporter:  thymbahutymba|  Owner:  phw
 Type:  enhancement  | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Obfs4  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  docker   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by thymbahutymba):

 Replying to [comment:1 phw]:
 > So the idea is to use a more lightweight image, like alpine, and copy a
 statically-compiled tor binary into the image?

 Yes that is the idea.

 > I like the idea of making our image more lightweight but I worry about
 the additional complexity in the build process. For example, we also need
 to include Tor's GeoIP database because otherwise the bridge won't be
 reporting the country codes of its clients. Debian's tor package depends
 on tor-geoipdb, which takes care of this for us.

 Actually this problem does not exist because looking at the debian geoipdb
 package [https://packages.debian.org/sid/all/tor-geoipdb/filelist tor-
 geoipdb] the interesting file are {{{/usr/share/tor/geoip*}}}; if we look
 at the result from the tor statically compilation these file are already
 present.

 {{{
 $ ls -al etc/tor/ share/tor/ bin/
 bin/:
 total 23816
 drwxr-xr-x 2 alarm alarm 4096 Nov 19 22:03 ./
 drwxr-xr-x 5 alarm alarm 4096 Nov 20 16:57 ../
 -rwxr-xr-x 1 alarm alarm 15843708 Nov 19 22:03 tor*
 -rwxr-xr-x 1 alarm alarm  3934620 Nov 19 22:03 tor-gencert*
 -rwxr-xr-x 1 alarm alarm 1375 Nov 19 22:03 torify*
 -rwxr-xr-x 1 alarm alarm  3253832 Nov 19 22:03 tor-print-ed-signing-cert*
 -rwxr-xr-x 1 alarm alarm  1335172 Nov 19 22:03 tor-resolve*

 etc/tor/:
 total 20
 drwxr-xr-x 2 alarm alarm  4096 Nov 19 22:03 ./
 drwxr-xr-x 3 alarm alarm  4096 Nov 19 22:03 ../
 -rw-r--r-- 1 alarm alarm 11663 Nov 19 22:03 torrc.sample

 share/tor/:
 total 7356
 drwxr-xr-x 2 alarm alarm4096 Nov 19 22:03 ./
 drwxr-xr-x 3 alarm alarm4096 Nov 19 22:03 ../
 -rw-r--r-- 1 alarm alarm 4647198 Nov 19 22:03 geoip
 -rw-r--r-- 1 alarm alarm 2871417 Nov 19 22:03 geoip6
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

2019-11-21 Thread Tor Bug Tracker & Wiki

#32550: Static tor in docker container
-+--
 Reporter:  thymbahutymba|  Owner:  phw
 Type:  enhancement  | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Obfs4  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  docker   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by phw):

 * keywords:   => docker
 * owner:  (none) => phw
 * component:  Circumvention => Circumvention/Obfs4
 * status:  new => assigned


Comment:

 So the idea is to use a more lightweight image, like alpine, and copy a
 statically-compiled tor binary into the image? I like the idea of making
 our image more lightweight but I worry about the additional complexity in
 the build process. For example, we also need to include Tor's GeoIP
 database because otherwise the bridge won't be reporting the country codes
 of its clients. Debian's tor package depends on tor-geoipdb, which takes
 care of this for us.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

Re: [tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container

8 matches

Site Navigation

Mail list logo

Footer information