Is it possible to install the obfs4proxy package securely (with signature verification) on Ubuntu? I looked at this a while ago, but couldn't figure out how to make it work.

Thanks,
Alexander
---
PGP Key: https://dietrich.cx/pgp | 0x727A756DC55A356B

On 2015-02-03 01:14, Yawning Angel wrote:

On Mon, 2 Feb 2015 22:41:40 +0000
isis <isis@torproject.org> wrote:

I requested that the obfs4proxy package in Debian jessie be ported to
wheezy-backports, [0] however, it seems this is extremely unlikely to
happen because it would mean backporting pretty much every Golang
package in existence.

Last I heard, that was mostly unnecessary, though how exactly this apt
pinning stuff works is a mystery to me[0].

I would be super stoked if we could make it as easy and seamless as
possible for the Bridge operators who are still running obfs2 (!!) to
move to supporting better, newer Pluggable Transports.  Currently
recommended PTs to run are: obfs3, obfs4, scramblesuit, and
fteproxy.  When Tor Browser 4.5 becomes stable (probably in mid-April
2015), we'll want lots more obfs4 Bridges!  For the super adventurous
sysadmins who'd like to try Yawning's experimental new post-quantum
PT, Basket [1] is one of the newest PTs.

More obfs4 bridges would be amazing.  It's worth noting that obfs4proxy
can also handle obfs2 and 3 (and with a branch that I need to
test/merge soon, a ScrambleSuit client), and it even is easy to run
bridges on ports < 1024 without messing with port forwarding.

Basket is still a research project and non-researchers shouldn't deploy
it because the wire format may change (and it consumes a hilarious
amount of bandwidth).

We should probably come up with some easy instructions for operators
of Tor Bridge relays who are running Debian stable, such as adding an
Apt pin to pull in only the obfs4proxy package and its dependencies
from Debian jessie and keep everything else pinned to stable.  If
someone has done this, or has another simple solution, would you mind
writing up some short how-to on the steps you took, please?

[0]:
http://lists.alioth.debian.org/pipermail/pkg-anonymity-tools/Week-of-Mon-20150202/001119.html
[1]: https://github.com/yawning/basket

All of obfs4proxy's dependencies are build time.  The binary is
statically linked because that's what Go does.  David S.'s ansible-tor
package does it like this:

https://github.com/david415/ansible-tor/commit/f897581daa79389ddcb28c7dae601473e85e8226

So the documentation should be a matter of "how to setup the apt pin
for a single package".  I've heard someone complaining about the tor
AppArmor profile but that also isn't something I've dealt with ever.

Regards,

--
Yawning Angel

[0]: I just scp the binary to my bridge whenever I need to update it,
and my idea of how to update all my linux systems starts with "pacman"
and not "apt-get".

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays