#32550: Static tor in docker container
---------------------------------+-------------------------------
 Reporter:  thymbahutymba        |          Owner:  phw
     Type:  enhancement          |         Status:  assigned
 Priority:  Medium               |      Milestone:
Component:  Circumvention/Obfs4  |        Version:
 Severity:  Normal               |     Resolution:
 Keywords:  docker, s30-o24a2    |  Actual Points:
Parent ID:  #31281               |         Points:  2
 Reviewer:                       |        Sponsor:  Sponsor30-can
---------------------------------+-------------------------------
Changes (by phw):

 * keywords:  docker => docker, s30-o24a2
 * points:   => 2
 * sponsor:   => Sponsor30-can
 * parent:   => #31281


Comment:

 Replying to [comment:2 thymbahutymba]:
 > Replying to [comment:1 phw]:
 > > I like the idea of making our image more lightweight but I worry about
 the additional complexity in the build process. For example, we also need
 to include Tor's GeoIP database because otherwise the bridge won't be
 reporting the country codes of its clients. Debian's tor package depends
 on tor-geoipdb, which takes care of this for us.
 >
 > Actually this problem does not exist because looking at the debian
 geoipdb package [https://packages.debian.org/sid/all/tor-geoipdb/filelist
 tor-geoipdb] the interesting file are {{{/usr/share/tor/geoip*}}}; if we
 look at the result from the tor statically compilation these file are
 already present.
 [[br]]
 Gotcha, that certainly makes things easier.

 Another reservation I have is that this approach requires us to keep track
 of the latest versions of dependencies and their security vulnerabilities,
 which takes time and effort. Every time we're creating a new docker image,
 we need to figure out what the latest version of OpenSSL etc. is. A Debian
 package however takes care of this for us.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32550#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Reply via email to