[tor-relays] [tor-assistants] Running obfs4proxy on Debian Stable
Alexander Dietrich
alexander at dietrich.cx
Tue Feb 3 17:33:10 UTC 2015
Is it possible to install the obfs4proxy package securely (with
signature verification) on Ubuntu? I looked at this a while ago, but
couldn't figure out how to make it work.
Thanks,
Alexander
---
PGP Key: https://dietrich.cx/pgp | 0x727A756DC55A356B
On 2015-02-03 01:14, Yawning Angel wrote:
> On Mon, 2 Feb 2015 22:41:40 +0000
> isis <isis at torproject.org> wrote:
>> I requested that the obfs4proxy package in Debian jessie be ported to
>> wheezy-backports, [0] however, it seems this is extremely unlikely to
>> happen because it would mean backporting pretty much every Golang
>> package in existence.
>
> Last I heard, that was mostly unnecessary, though how exactly this apt
> pinning stuff works is a mystery to me[0].
>
>> I would be super stoked if we could make it as easy and seamless as
>> possible for the Bridge operators who are still running obfs2 (!!) to
>> move to supporting better, newer Pluggable Transports. Currently
>> recommended PTs to run are: obfs3, obfs4, scramblesuit, and
>> fteproxy. When Tor Browser 4.5 becomes stable (probably in mid-April
>> 2015), we'll want lots more obfs4 Bridges! For the super adventurous
>> sysadmins who'd like to try Yawning's experimental new post-quantum
>> PT, Basket [1] is one of the newest PTs.
>
> More obfs4 bridges would be amazing. It's worth noting that obfs4proxy
> can also handle obfs2 and 3 (and with a branch that I need to
> test/merge soon, a ScrambleSuit client), and it even is easy to run
> bridges on ports < 1024 without messing with port forwarding.
>
> Basket is still a research project and non-researchers shouldn't deploy
> it because the wire format may change (and it consumes a hilarious
> amount of bandwidth).
>
>> We should probably come up with some easy instructions for operators
>> of Tor Bridge relays who are running Debian stable, such as adding an
>> Apt pin to pull in only the obfs4proxy package and its dependencies
>> from Debian jessie and keep everything else pinned to stable. If
>> someone has done this, or has another simple solution, would you mind
>> writing up some short how-to on the steps you took, please?
>>
>> [0]:
>> http://lists.alioth.debian.org/pipermail/pkg-anonymity-tools/Week-of-Mon-20150202/001119.html
>> [1]: https://github.com/yawning/basket
>
> All of obfs4proxy's dependencies are build time. The binary is
> statically linked because that's what Go does. David S.'s ansible-tor
> package does it like this:
>
> https://github.com/david415/ansible-tor/commit/f897581daa79389ddcb28c7dae601473e85e8226
>
> So the documentation should be a matter of "how to set up the apt pin
> for a single package". I've heard someone complaining about the tor
> AppArmor profile but that also isn't something I've dealt with ever.
>
> Regards,
>
> --
> Yawning Angel
>
> [0]: I just scp the binary to my bridge whenever I need to update it,
> and my idea of how to update all my Linux systems starts with "pacman"
> and not "apt-get".
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
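
The single-package apt pin requested in the thread above, as an added example that is not part of the original messages or of ansible-tor: it makes jessie visible to apt on a wheezy host but blocks every jessie package except obfs4proxy. The mirror URL, file names, priority values and both function names are assumptions chosen for illustration; the negative catch-all priority relies on the thread's statement that obfs4proxy has no runtime dependencies from jessie.

```shell
#!/bin/sh
# Added example: pin only obfs4proxy to jessie on a Debian wheezy host.
# ASSUMPTIONS: mirror URL, file names and priorities are illustrative.

# write_obfs4_pin ROOT
#   Write the apt source and preferences files under ROOT.
#   ROOT=/ (as root) applies them; a scratch directory previews them.
write_obfs4_pin() {
    root="${1:?usage: write_obfs4_pin ROOT}"
    mkdir -p "$root/etc/apt/sources.list.d" "$root/etc/apt/preferences.d"

    # Make the jessie suite visible to apt (assumed mirror).
    cat > "$root/etc/apt/sources.list.d/jessie.list" <<'EOF'
deb http://ftp.debian.org/debian jessie main
EOF

    # A negative priority stops apt from ever selecting a jessie version.
    # The stanza naming obfs4proxy is more specific and overrides it.
    cat > "$root/etc/apt/preferences.d/obfs4proxy" <<'EOF'
Package: *
Pin: release n=jessie
Pin-Priority: -1

Package: obfs4proxy
Pin: release n=jessie
Pin-Priority: 500
EOF
}

# pin_priority_for FILE PACKAGE
#   Offline preview of the priority FILE assigns to PACKAGE: the stanza
#   naming the package wins, otherwise the "*" stanza applies. This is a
#   simplified reading of the file that ignores the "Pin: release" match;
#   on a real host, "apt-cache policy obfs4proxy" is the authoritative check.
pin_priority_for() {
    awk -v pkg="$2" '
        $1 == "Package:"      { cur = $2 }
        $1 == "Pin-Priority:" { prio[cur] = $2 }
        END {
            if (pkg in prio)      print prio[pkg]
            else if ("*" in prio) print prio["*"]
        }
    ' "$1"
}

# On the bridge itself (as root):
#   write_obfs4_pin / && apt-get update && apt-get install obfs4proxy
```

apt checks the suite's signed Release file against its trusted archive keys during `apt-get update`, so a failure there should be treated as a stop condition rather than bypassed.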