Re: [tor-dev] OnionShare bug that's possibly caused by an upstream v3 onion bug
On 11/26/18 7:55 AM, David Goulet wrote: > I've opened this and marked it for backport: > https://trac.torproject.org/projects/tor/ticket/28619 > > Big thanks to everyone on that OnionShare ticket for the thorough report! > David Thank you! ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] OnionShare bug that's possibly caused by an upstream v3 onion bug
I've been working on a major OnionShare release that, among other things, will use v3 onion services by default. But it appears that either something in stem or in Tor deals with v3 onions differently than v2 onions, and causes a critical bug in OnionShare. It took a lot of work to track down exactly how to reproduce this bug, and I haven't opened an upstream issue for either stem or tor because I feel like I don't understand it enough yet. Here is the OnionShare issue [1]. Does anyone know if this is an issue with stem or tor, and how to go about mitigating it? Here's some background: When you share files with OnionShare it starts a local web server and then makes it an ephemeral onion service. Someone else loads this onion service in Tor Browser and downloads your files. If the setting "Stop sharing after first download" is checked (this is the default behavior), then as soon as the download completes, OnionShare stops the onion service and web server. If I share a 1mb file and a Tor Browser client makes an HTTP request to download it, OnionShare will respond with a 1mb HTTP response. As soon as it's done sending the 1mb, OnionShare stops the server and alerts the user that transfer is complete -- however, it's not actually complete yet. If you look at the client in Tor Browser, it's still downloading. It depends on the Tor circuit, but it might be only ~32% done, and you have to wait a few seconds for it to finish. This is because when the final byte of the 1mb file leaves the OnionShare web server, it takes a few seconds for that final byte to make it through the onion circuit and into Tor Browser download. This works fine with v2 onion services. But with v3 onion services, as soon as the OnionShare web server finishes sending the full HTTP response, the torified HTTP client stops downloading. I made a small python script, onion-bug.py, that reproduces the issue that you can test [2]. This script connects to the default Tor control port for Tor Browser, so open Tor Browser in the background. It then start an HTTP server and creates an onion service, and if you make a GET request to the server it responds with 2mb of "A" characters, and then immediately stops the web server and onion service. You have to pass in either "v2" or "v3", depending on which type of onion service to make. Like OnionShare, this script uses stem, and specifically the Controller.create_ephemeral_hidden_service method [3]. I just ran "./onion-bug.py v2" in one terminal and waited for it to start: ``` $ ./onion-bug.py v2 http service: http://127.0.0.1:8080/ starting onion service with: key_type='NEW', key_content='RSA1024' http://d7vomh45i7ryhhfw.onion/ ``` Then in a second terminal, I made the GET request: ``` $ torify curl http://d7vomh45i7ryhhfw.onion/ > out2 % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 1024k0 1024k0 0 125k 0 --:--:-- 0:00:08 --:--:-- 245k ``` The script in the first terminal finished and quit (while curl on the second term finished the download for a few more seconds): ``` 127.0.0.1 - - [24/Nov/2018 21:12:52] "GET / HTTP/1.1" 200 - shutting down http server ``` The file, out1, is exactly 1mb. Now I tried doing the same, but with a v3 onion service: ``` $ ./onion-bug.py v3 http service: http://127.0.0.1:8080/ starting onion service with: key_type='NEW', key_content='ED25519-V3' http://htrzngqgb7ogyifsvah6qz7t6spe3rr7bikdws7d3rigkpwy5kuyrlqd.onion/ 127.0.0.1 - - [24/Nov/2018 21:14:22] "GET / HTTP/1.1" 200 - shutting down http server ``` And in the other terminal: ``` $ torify curl http://htrzngqgb7ogyifsvah6qz7t6spe3rr7bikdws7d3rigkpwy5kuyrlqd.onion/ > out2 % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 298300 298300 0 3399 0 --:--:-- 0:00:08 --:--:-- 3399 ``` It only downloaded 29830 bytes before the download connection stopped, so out2 is only 30kb. I just tried it again, and this time only got 12kb downloaded. And I tried it again, and got 41kb downloaded. It appears to depend on the speed of the Tor circuit. The download only stops when the v3 onion service is shut down -- if you uncomment out the time.sleep(5) before calling remove_ephemeral_hidden_service at the end of the script, you'll be able to download the full 1mb using the v3 onion server. I'm pretty stumped on how to fix this and I'd appreciate any help. Until it's fixed, we'll either have to not include support for v3 onion services in OnionShare in the next major release (version 2.0), or include support but with the "Stop sharing after first download" only available for v2 onion services -- so probably we'd default to using v2 onion services, and users could optionally use v3 if they don't
Re: [tor-dev] stem support for v3 ephemeral onion services
On 01/25/2018 05:10 AM, David Goulet wrote: > On 25 Jan (06:50:30), teor wrote: >> >>> On 25 Jan 2018, at 05:14, Micah Lee <mi...@micahflee.com> wrote: >>> >>> Now that Tor Browser 7.5 is released and includes the tor 0.3.2 series, >>> which supports next generation onion services, I would love to make >>> OnionShare use these by default. Here is the issue [1]. >>> >>> OnionShare is written in python3 and relies on stem to communicate with >>> the Tor controller. Although tor now supports v3 ephemeral onion >>> services, stem still doesn't. Just take make sure, here's a quick test, >>> with Tor Browser 7.5 (providing tor 0.3.2.9) open in the background, and >>> using stem 1.6.0: >> >> Here is the current status of v3 onion control port support: >> >> This proposal is listed as "Finished": >> https://gitweb.torproject.org/torspec.git/tree/proposals/284-hsv3-control-port.txt >> >> And the code was merged into 0.3.3 (not 0.3.2): >> https://trac.torproject.org/projects/tor/ticket/20699 >> >> Stem typically tracks Tor's control spec. >> But the changed commands have not been integrated into control-spec.txt: >> https://trac.torproject.org/projects/tor/ticket/24847 > > This one is on me and I apologize... I haven't took the time to make a proper > control-spec.txt patch from the prop#284. > > I'll put this on my priority list so when 0.3.3 goes stable (~ April 15th), > we'll have a up to date control spec for Stem to work with. > > Cheers! > David Excellent, thank you so much for the updates. ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] non-anonymous ephemeral onion services with stem
On 01/02/2017 08:45 PM, teor wrote: >> For my specific use-case, it would be great if you could pass an >> argument to ADD_ONION that makes that specific onion service >> non-anonymous, without changing anything globally. > > What is the OnionShare use case? > What are the anonymity expectations of OnionShare users? OnionShare is a tool to send files over the internet, so it can be used any time there's a need to do that. The security expectation is that the traffic can't be eavesdropped on by any attacker, but the anonymity expectation completely depends on the specific use case that it's being used for. I think it would be cool if there were an advanced option to let people use it to create non-anonymous onion services (the next version will include an advanced option to create stealth onion services). For example, maybe I want to use OnionShare to send my friend a 2GB video clip, but anonymity doesn't matter to me. My friend and I already know who each other are, and I'm not concerned about leaking what we're doing, I just don't want to leak the plaintext video footage. In this case, I might want to use a non-anonymous onion service just to make the file transfer faster. For another example, pretend I'm a wanting to send a classified Word document to a journalist. In this case, I really care about anonymity, so I wouldn't want to use the non-anonymous option (if the journalist is tech savvy enough to edit their torrc file, I'd probably want to use a stealth one though). ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] non-anonymous ephemeral onion services with stem
On 12/28/2016 12:40 PM, Yawning Angel wrote: > On Wed, 28 Dec 2016 12:19:17 -0800 > Micah Lee <mi...@micahflee.com> wrote: > >> And when other processes connect to the Tor control port and run >> create_ephemeral_hidden_service, those onion services wouldn't be >> non-anonymous? > > They'll be non-anonymous (as in, the options are global). This also > will not work if there is a SOCKS port configured. Basically, > unless you are launching your own copy of the tor daemon, just for > non-anonymous HSes, it's a terrible idea to use these options in > general. Thank you, this is good to know! For my specific use-case, it would be great if you could pass an argument to ADD_ONION that makes that specific onion service non-anonymous, without changing anything globally. But for the time-being I won't add support for non-anonymous onion services to OnionShare. ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] non-anonymous ephemeral onion services with stem
On 12/28/2016 09:39 AM, Damian Johnson wrote: > Oops, great catch - thanks Micah! Added a note saying how to use them... > > "Version 1.5: Added support for non-anonymous services. To do so set > 'HiddenServiceSingleHopMode 1' and 'HiddenServiceNonAnonymousMode 1' > in your torrc." Excellent. I'm pretty sure this will work, but can you confirm? If I'd like to use a non-anonymous ephemeral onion service, would code that's something like this work, assuming c is a Controller? c.set_conf('HiddenServiceSingleHopMode', 1) c.set_conf('HiddenServiceNonAnonymousMode', 1) c.create_ephemeral_hidden_service(8080) And when other processes connect to the Tor control port and run create_ephemeral_hidden_service, those onion services wouldn't be non-anonymous? ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] non-anonymous ephemeral onion services with stem
The stem documentation for create_ephemeral_hidden_service [1] says: "Changed in version 1.5.0: Added support for non-anonymous services." But I can't figure out to actually use this feature. There doesn't seem to be a new argument to say if you want your onion service to be non-anonymous. It also says, "Changed in version 1.5.0: Added the basic_auth argument." But there's a new basic_auth argument you can pass into the function to use that. [1] https://stem.torproject.org/api/control.html#stem.control.Controller.create_ephemeral_hidden_service ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] Troubleshooting Tor 0.2.7.1+ ephemeral hidden services
I'm trying to add support for ephemeral hidden services to OnionShare. They'll solve a wide variety of problems related to OnionShare using a system Tor instead of Tor browser, and running in environments like Tails or Whonix. I'd rather never write the hidden service info to disk anyway. I noticed that Tor Browser 5.5a2 comes with Tor 0.2.7.2-alpha, so it's easy to test. But so far I'm not having any success, at least with using stem. Before I open a bug report, either against stem or against tor, am I doing this right? I've made a simple test project: https://github.com/micahflee/ephemeral-hs-test It successfully appears to create the hidden service, but it never succeeds in connecting to itself. I also can't connect to it using Tor Browser. -- Micah Lee signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Troubleshooting Tor 0.2.7.1+ ephemeral hidden services
On 09/08/2015 05:04 PM, Damian Johnson wrote: > Hi Micah, on first glance looks fine. For what it's worth here's the > example I got working a while back... > > https://stem.torproject.org/tutorials/over_the_river.html#ephemeral-hidden-services > > Cheers! -Damian Doh, I figured out what I did wrong. I was calling: res = c.create_ephemeral_hidden_service(WEB_PORT) When I should have been calling: res = c.create_ephemeral_hidden_service({ 80: WEB_PORT }, await_publication = True) The await_publication flag is great, too. Thanks, it's working for me now. -- Micah Lee signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] How to distribute Tor with other software
Thanks, this is really helpful. On 05/20/14 21:10, meejah wrote: Micah Lee mi...@micahflee.com writes: When you run onionshare.py, it modifies /etc/tor/torrc and reloads the Tor config, and when it's done it restores the original torrc and reloads again. You could use one of the controller libraries (stem if you want synchronous, txtorcon if async/Twisted) to do this; they don't have to modify the torrc directly, just manipulate configuration via GETCONF and SETCONF. For Tails, this probably won't work unless you're root until #11291 is fixed + merged. Even better, with some work that David Stainton has been pushing forward in txtorcon [1] for use with Tahoe-LAFS, very soon making whatever stuff happen so you can cause a new hidden service to appear will be one line (serverFromString is a pluggable Twisted endpoint API): d = serverFromString(onion:80).listen(...) or, if you already have keys: d = serverFromString(onion:80:hiddenServiceDir=/foo/bar).listen(...) The stuff will depend, but will be a newly launched tor worst-case or a suitable local tor best-case. I realize this doesn't help you right away ;) but there are APIs to make this pretty straightforward with txtorcon right now; see these lines for an example: https://github.com/meejah/txtorcon/blob/master/examples/launch_tor_with_hiddenservice.py#L64-68 In the above save() will write to a file if you want, or to a currently-connecting running Tor. txtorcon concentrates on configuring running Tor instances; there may be better torrc-manipulation things in Stem but I don't know off the top of my head. (For the other way, David has a pull-request into txsocksx so that things like clientFromString('tor:blarg.onion') will work via SOCKS to 9050 or 9150). [1] -- gruesome details of his latest branch here, and there are some relevant ones in my repository as well: https://github.com/david415/txtorcon/compare/meejah:master...endpoint_parser_plugin-rewrite4 -- Micah Lee signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] How to distribute Tor with other software
I just wrote a little program called OnionShare, that makes it simple to share a file securely using a password-protected Tor hidden service: https://github.com/micahflee/onionshare Right now it only runs in Tails. I'd like to make a versin that runs in OSX and Windows, too. How can I make software for OSX and Windows that relies on Tor like this, but without having to bundle Tor with it? I would really like to not be in the business of distributing Tor myself. When you run onionshare.py, it modifies /etc/tor/torrc and reloads the Tor config, and when it's done it restores the original torrc and reloads again. I could require people to open Tor Browser and have it just use the Tor that comes with that, except the fact that it needs to modify torrc makes that complicated. -- Micah Lee signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] RecommendedTBBVersions
This URL has traditionally been a JSON string that lists the recommended version of TBB to install: https://check.torproject.org/RecommendedTBBVersions But the last couple days it's been returning 404. Did it move somewhere? Tor Browser Launcher uses it to figure out what version of TBB to download and install. Thanks! -- Micah Lee @micahflee signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] RecommendedTBBVersions
On 11/17/2013 02:27 PM, Roger Dingledine wrote: Should be back now: https://trac.torproject.org/projects/tor/ticket/10179 See also https://lists.torproject.org/pipermail/tor-talk/2013-November/031126.html Thanks! -- Micah Lee @micahflee signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization
On 05/23/2013 07:18 PM, Tom Ritter wrote: RPW's, et al's paper was made public today, and demonstrates several practical attacks on Hidden Services. http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf I was wondering if there were any private trac tickets, discussions, or development plans about this that might be also be made public. -tom Hi, I'm writing a blog post about these new attacks and how they affect document leak services such as Strongbox (http://www.newyorker.com/strongbox/) that rely on hidden services. Would it be fair to say that using the techniques published in this paper an attacker can deanonymize a hidden service? Based on this thread it looks like there are several open bugs that need to be fixed to prevent these attacks. It seems to be that hidden services still have advantages to leak sites (sources are forced to use Tor, end-to-end crypto without relying on CAs), but for the time being the anonymity of the document upload server isn't one of them. Is this accurate, and is there any estimate on how long do you think this will be the case? Months, years? -- Micah Lee @micahflee signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Help me test Tor Browser Launcher
On Wed, 10 Apr 2013 02:00:34 + adrelanos adrela...@riseup.net wrote: Hi, I've tested it... Building works like a charm. Well, if this is a request for testing, it should perhaps be posted to tor-talk? Good idea. I'll email tor-talk too. It downloads the Tor Browser Alpha Bundle. Is that a decision which has been made for all users of this download method? I really can't follow that logic. The Tor Blog always announces Alpha Bundles (which are a few versions ahead) and bundles, which are not called Alpha. The Tor Homepage doesn't recommend downloading the Alpha version as default download. If the Alpha is the new default for everyone, why still produce the other builds, which are not called alpha? It gets the current recommended version of TBB to install from: https://check.torproject.org/RecommendedTBBVersions I've noticed that sometimes these are alphas, but sometimes they aren't. I'm not sure who updates that document, or how they choose what versions to recommend. But I believe that's also what TorButton uses to check for updates. Before finding out about that URL, I was considering downloading https://www.torproject.org/dist/torbrowser/linux/ and programatically guessing what version to pick, but RecommendedTBBVersions is a much saner approach. -- Micah Lee https://twitter.com/micahflee signature.asc Description: PGP signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Help me test Tor Browser Launcher
On Wed, 10 Apr 2013 18:32:40 + adrelanos adrela...@riseup.net wrote: (If the decision is to make non-alpha default for all users) Speaking /bin/bash... Just grep for alpha and ignore those line. (Unless you're adding an option to prefer the alpha version.) You know, I honestly didn't notice that https://check.torproject.org/RecommendedTBBVersions contained both stable and alpha versions. I must have just glazed over. I just opened an issue about making it default to stable instead of alpha: https://github.com/micahflee/torbrowser-launcher/issues/28 I also opened an issue about making this optional, so people can choose to use alpha versions if they want: https://github.com/micahflee/torbrowser-launcher/issues/29 If anyone here wants to try to tackle any of these issues, I'd be more than happy to accept pull requests. Some are bite-sized. https://github.com/micahflee/torbrowser-launcher/issues?state=open -- Micah Lee https://twitter.com/micahflee signature.asc Description: PGP signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] Help me test Tor Browser Launcher
I posted a little over a month ago about Tor Browser Launcher, a project I've been working on to make it easier for GNU/Linux users to securely download, install, keep updated, and launch TBB: https://github.com/micahflee/torbrowser-launcher I think it's about ready for a first release! I wrote a blog post all about it (including screenshots), where I ask for help testing it: https://micahflee.com/2013/04/sudo-apt-get-install-torbrowser/ Please give me feedback, and post any bugs you find on the GitHub issue tracker. Also, at Tom's suggestion I posted this ticket to get Tor Browser Launcher in deb.torproject.org: https://trac.torproject.org/projects/tor/ticket/8648 Can someone respond to get the ball rolling? Thanks! -- Micah Lee https://twitter.com/micahflee signature.asc Description: PGP signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Tor Browser Launcher
Thanks for all this feedback! On 02/19/2013 02:56 PM, Jacob Appelbaum wrote: https://github.com/ioerror/torbrowser-launcher/commit/bfe97f49e53c1de5a697216bbab3ac6eb5d20090#L0R64 I'm not sure if arch is portable. I could easily switch it to uname -m, if that's more portable. My guess is that uname -m is more portable; though I bet that os.uname or sys.platform in Python would be the most portable. I'm now using os.uname(). This seems like the right way to do it. https://github.com/ioerror/torbrowser-launcher/commit/bfe97f49e53c1de5a697216bbab3ac6eb5d20090#L0R82 If HOME isn't set, what should happen? Should tbb_data be set to /tmp/tbb-USER or something? Well, I think that is an interesting question too. Are we sure that if HOME is set that we want to write to the disk? If so, I guess we should make a directory with mktemp or a similar Python call. I opened a new bug for handling empty HOME env variable: https://github.com/micahflee/torbrowser-launcher/issues/15 https://github.com/ioerror/torbrowser-launcher/commit/bfe97f49e53c1de5a697216bbab3ac6eb5d20090#L0R82 Yeah, we should depend on tar I think. I'd suggest libtarfile rather than tar - it is written in pure Python. I didn't know about libtarfile. That seems like a much better solution. I opened a bug for that too: https://github.com/micahflee/torbrowser-launcher/issues/14 If you want to git pull, I've made it so everything just automatically starts now, rather than waiting for the user to press the Start button. The only exception is if the signature verification fails, this still gives the user a choice. -- Micah Lee https://twitter.com/micahflee signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Tor Browser Launcher
On 02/19/2013 06:39 PM, adrelanos wrote: What operating system are you using? Debian Wheezy. Weird, that's what I'm running Wheezy too. But just to be safe, I decided I'd make a new Debian Squeeze vm and try to build it and run it in there. I found several small problems and fixed them. develop ~/torbrowser-launcher $ python Python 2.7.3 (default, Jan 2 2013, 16:53:07) [GCC 4.7.2] on linux2 Type help, copyright, credits or license for more information. import locale locale.getdefaultlocale() (None, None) I haven't fixed this yet. But I did just open a bug for it: https://github.com/micahflee/torbrowser-launcher/issues/12 develop ~/torbrowser-launcher $ sudo apt-get install python-gtk2 [sudo] password for user: Reading package lists... Done Building dependency tree Reading state information... Done python-gtk2 is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 27 not upgraded. develop ~/torbrowser-launcher $ ./torbrowser-launcher Tor Browser Launcher https://github.com/micahflee/torbrowser-launcher Traceback (most recent call last): File ./torbrowser-launcher, line 352, in module app = TorBrowserLauncher(current_tbb_version) File ./torbrowser-launcher, line 55, in __init__ self.build_ui() File ./torbrowser-launcher, line 124, in build_ui settings.props.gtk_button_images = True AttributeError: 'gobject.GProps' object has no attribute 'gtk_button_images' develop ~/torbrowser-launcher $ I'm not sure why you're getting this error, but it's on the line that allows icons for buttons. Since it's not critical, I placed in a try block, so if it fails on your computer it shouldn't crash the program, the buttons just won't have icons. git pull origin master and try again, and let me know if you run into any other problems. -- Micah Lee https://twitter.com/micahflee signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Tor Browser Launcher
if arch is portable. I could easily switch it to uname -m, if that's more portable. https://github.com/ioerror/torbrowser-launcher/commit/bfe97f49e53c1de5a697216bbab3ac6eb5d20090#L0R82 If HOME isn't set, what should happen? Should tbb_data be set to /tmp/tbb-USER or something? https://github.com/ioerror/torbrowser-launcher/commit/bfe97f49e53c1de5a697216bbab3ac6eb5d20090#L0R82 Yeah, we should depend on tar I think. Originally I wasn't thinking of releasing this for OS X, since I was thinking it would know about updated versions of TBB when torbrowser-launcher gets updated from the deb repositories. But now it seems plausible to make this cross-platform. However, Windows TBB releases are .exe, which wouldn't work with this. Maybe this should be GNU/Linux only at first, and future releases could be for OS X and Windows. -- Micah Lee https://twitter.com/micahflee signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Tor Browser Launcher
On 02/18/2013 02:31 PM, adrelanos wrote: Why not phrase https://check.torproject.org/RecommendedTBBVersions ? No updates planed for it even in long term as far I am following trac... Oh cool, so Tor already has a file with the recommended TBB version! And this gets updated regularly when new TBB versions come out? -- Micah Lee https://twitter.com/micahflee signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev