From 9dbc5c3953266b0ff24518f9555c1ea5da0d379a Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Tue, 9 May 2023 22:54:23 +0300 Subject: [PATCH 01/34] Update Dockerfile install obfs proxy --- tor/Dockerfile | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tor/Dockerfile b/tor/Dockerfile index 4b1170a..c019b34 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -15,6 +15,29 @@ RUN \ openssl=3.0.8-r4 \ tor=0.4.7.13-r1 +# Install Go for building obfs4proxy. +RUN apk add go git ca-certificates +RUN mkdir -p /go/src /go/bin +RUN chmod -R 644 /go +ENV GOPATH /go +ENV PATH /go/bin:$PATH +WORKDIR /go + +# Install tor and obfs4proxy with the ability to bind on low ports. +RUN apk add libcap +RUN apk add tor --update-cache --repository http://dl-4.alpinelinux.org/alpine/edge/community + +# Remove cache to reduce image size. +RUN rm -rf /var/cache/apk/* + +# Install obfs4proxy +RUN go get git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy +RUN mv /go/bin/obfs4proxy /usr/local/bin/obfs4proxy + +# Give obfs4proxy the capability to bind port 80. This line isn't necessary if +# you use a high (unprivileged) port. +RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy + HEALTHCHECK \ --start-period=5m \ --interval=60s \ From a8f2097e9decb506a1208461c7d9763913c99d49 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Tue, 9 May 2023 22:57:39 +0300 Subject: [PATCH 02/34] Update config.yaml Default bridges --- tor/config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/tor/config.yaml b/tor/config.yaml index 2b3436c..ca96e4e 100644 --- a/tor/config.yaml +++ b/tor/config.yaml @@ -27,6 +27,7 @@ options: ports: - "8123" - "8123:80" + bridges: [] schema: log_level: list(trace|debug|info|notice|warning|error|fatal)? socks: bool From 1677607371695ccd203fb805115a15810ed16376 Mon Sep 17 00:00:00 2001 
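Review bot: The added `RUN apk add tor --update-cache --repository http://dl-4.alpinelinux.org/alpine/edge/community` fetches an unpinned tor from the edge branch over plain HTTP, and it appears to supersede the `tor=0.4.7.13-r1` pin in the context lines just above it. Mixing an edge package into a release base also makes the image non-reproducible and can pull in newer shared libraries than the rest of the image expects. If a newer tor is really needed, pin it and use an HTTPS mirror, e.g. `apk add --no-cache tor=<PINNED_VERSION> --repository https://dl-cdn.alpinelinux.org/alpine/edge/community`; otherwise drop the line. The pinned `RUN` that this follows starts above the hunk.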
From: Renat Gabdulhakov Date: Tue, 9 May 2023 23:17:24 +0300 Subject: [PATCH 03/34] Update run --- tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run index ee19f89..b08d33e 100755 --- a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run +++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run @@ -211,3 +211,13 @@ then echo 'HiddenServiceAllowUnknownPorts 0' >> "${torrc}" fi + +# Configure bridges +if bashio::config.has_value 'bridges'; +then + echo 'UseBridges 1' >> "${torrc}" + echo 'ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed' >> "${torrc}" + while read -r bridge; do + echo "Bridge obfs4 ${bridge}" >> "${torrc}" + done <<< "$(bashio::config 'bridges')" +fi From 8726337e4093dd76856dbcf32e53ba2078bea2c6 Mon Sep 17 00:00:00 2001 From: akrigator Date: Fri, 12 May 2023 01:52:30 +0300 Subject: [PATCH 04/34] Add obfs4 bridges support --- tor/DOCS.md | 20 +++++++++++++++ tor/Dockerfile | 14 +++++------ tor/config.yaml | 2 ++ .../etc/s6-overlay/s6-rc.d/init-tor/run | 25 +++++++++++-------- tor/translations/en.yaml | 4 +++ 5 files changed, 48 insertions(+), 17 deletions(-) diff --git a/tor/DOCS.md b/tor/DOCS.md index 4fb592c..5342e7d 100644 --- a/tor/DOCS.md +++ b/tor/DOCS.md @@ -51,6 +51,7 @@ client_names: - haremote2 ports: - 8123 +bridges: [] ``` **Note**: _This is just an example, don't copy and past it! Create your own!_ 
@@ -150,6 +151,25 @@ The accepted syntaxs of this configuration is: If you do not define a published port, the local port will be used. If you do not define a hostname or IP adress `homeassistant` will be used. +### Option: `bridges` + +> The addon supports `obfs4` bridge only + +Bridges are Tor relays that help you circumvent censorship. + +Because bridge addresses are not public, you will need to request them yourself. You have a few options: + +* Visit https://bridges.torproject.org/ and follow the instructions, or +* Email bridges@torproject.org from a Gmail, or Riseup email address +* Send a message to @GetBridgesBot on Telegram. Tap on 'Start' or write /start or /bridges in the chat. + +For example: + +```yaml +bridges: + - "obfs4 123.45.67.89:443 EFC6A00EE6272355C023862378AC77F935F091E4 cert=KkdWiWlfetJG9SFrzX8g1teBbgxtsc0zPiN5VLxqNNH+iudVW48CoH/XVXPQntbivXIqZA iat-mode=0" +``` + ## Tor client access setup Using this add-on, you can access your Home Assistant instance over Tor from diff --git a/tor/Dockerfile b/tor/Dockerfile index c019b34..9804f5f 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile 
@@ -16,28 +16,28 @@ RUN \ tor=0.4.7.13-r1 # Install Go for building obfs4proxy. -RUN apk add go git ca-certificates +RUN apk add go git ca-certificates libcap RUN mkdir -p /go/src /go/bin RUN chmod -R 644 /go ENV GOPATH /go ENV PATH /go/bin:$PATH WORKDIR /go -# Install tor and obfs4proxy with the ability to bind on low ports. -RUN apk add libcap -RUN apk add tor --update-cache --repository http://dl-4.alpinelinux.org/alpine/edge/community - # Remove cache to reduce image size. RUN rm -rf /var/cache/apk/* # Install obfs4proxy -RUN go get git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy -RUN mv /go/bin/obfs4proxy /usr/local/bin/obfs4proxy +RUN git clone https://github.com/Yawning/obfs4.git +WORKDIR /go/obfs4/ +RUN go build -o obfs4proxy/obfs4proxy ./obfs4proxy +RUN mv obfs4proxy/obfs4proxy /usr/local/bin/obfs4proxy # Give obfs4proxy the capability to bind port 80. This line isn't necessary if # you use a high (unprivileged) port. RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy +WORKDIR / + HEALTHCHECK \ --start-period=5m \ --interval=60s \ diff --git a/tor/config.yaml b/tor/config.yaml index ca96e4e..8cacb68 100644 --- a/tor/config.yaml +++ b/tor/config.yaml @@ -37,3 +37,5 @@ schema: - match(^[A-Za-z0-9+-_]{1,16}$) ports: - match(^(.*:)?(?:[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])?$) + bridges: + - match(^obfs4 ((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}:((6553[0-5])|(655[0-2][0-9])|(65[0-4][0-9]{2})|(6[0-4][0-9]{3})|([1-5][0-9]{4})|([0-5]{0,5})|([0-9]{1,4}))( \w{40})( cert=\S{70})( iat-mode=[0-2])?$) diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run index b08d33e..0702b45 100755 --- a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run +++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run 
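Review bot: `RUN git clone https://github.com/Yawning/obfs4.git` builds whatever the default branch holds at build time, so the binary that later receives `cap_net_bind_service` is not tied to a reviewed revision, and two builds of the same Dockerfile can differ. Pin the source to a release tag, e.g. `RUN git clone --depth 1 --branch <OBFS4_TAG> https://github.com/Yawning/obfs4.git /go/obfs4`, and ideally compare `git -C /go/obfs4 rev-parse HEAD` against a recorded commit hash before building. The same applies to the snowflake clone added in PATCH 09 (pinned to `v2.6.1` only in PATCH 12) and to the webtunnel clone added in PATCH 14.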
@@ -125,6 +125,21 @@ if bashio::config.true 'hidden_services'; then done fi +# Configure bridges +if bashio::config.exists 'bridges'; +then + echo "UseBridges 1" >> "${torrc}" + echo 'ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed' >> "${torrc}" + + bashio::log.info 'Setup obfs4 bridges:' + while read -r bridge; do + bashio::log.info "Bridge ${bridge}" + echo "Bridge ${bridge}" >> "${torrc}" + done <<< "$(bashio::config 'bridges')" +else + bashio::log.info 'obfs4 bridges disabled' +fi + # Figure out the address if bashio::config.true 'hidden_services'; then bashio::log.info 'Starting Tor temporarly...' @@ -211,13 +226,3 @@ then echo 'HiddenServiceAllowUnknownPorts 0' >> "${torrc}" fi - -# Configure bridges -if bashio::config.has_value 'bridges'; -then - echo 'UseBridges 1' >> "${torrc}" - echo 'ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed' >> "${torrc}" - while read -r bridge; do - echo "Bridge obfs4 ${bridge}" >> "${torrc}" - done <<< "$(bashio::config 'bridges')" -fi diff --git a/tor/translations/en.yaml b/tor/translations/en.yaml index 61fc685..d1e0b40 100644 --- a/tor/translations/en.yaml +++ b/tor/translations/en.yaml @@ -30,5 +30,9 @@ configuration: description: >- Configures hosts and ports to publish via a Tor Hidden Service. Check the add-on documentation for the exact format to enter here. + bridges: + name: Bridges + description: >- + Configures bridges from gotten from https://bridges.torproject.org/bridges/?transport=obfs4 network: 9050/tcp: Tor SOCKS proxy port From 8557906d5c7f435f2fa7e6ae1bf7442749c02bf7 Mon Sep 17 00:00:00 2001 From: akrigator Date: Wed, 16 Aug 2023 23:16:50 +0300 Subject: [PATCH 05/34] Update transaltion --- tor/translations/en.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tor/translations/en.yaml b/tor/translations/en.yaml index d1e0b40..d4961de 100644 --- a/tor/translations/en.yaml +++ b/tor/translations/en.yaml 
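Review bot: `bashio::log.info "Bridge ${bridge}"` in the added loop writes every full bridge line (address, fingerprint and `cert=`) to the add-on log at info level, while the DOCS.md text added in this same commit notes that bridge addresses are not public. Anyone who can read the log, or is sent it for troubleshooting, then learns which bridges are in use. Log only the transport name, e.g. `bashio::log.info "Configured bridge (${bridge%% *})"`, or move the full line to `bashio::log.debug`. Also worth checking: with the default `bridges: []`, `bashio::config.exists` is presumably still true, so `UseBridges 1` would be written without any usable `Bridge` line.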
@@ -33,6 +33,6 @@ configuration: bridges: name: Bridges description: >- - Configures bridges from gotten from https://bridges.torproject.org/bridges/?transport=obfs4 + Configures bridges gotten via [https://bridges.torproject.org](https://bridges.torproject.org/bridges/?transport=obfs4) network: 9050/tcp: Tor SOCKS proxy port From 28532a8cc495d2fe579012e7b2dbba2812300538 Mon Sep 17 00:00:00 2001 From: akrigator Date: Wed, 16 Aug 2023 23:45:09 +0300 Subject: [PATCH 06/34] Markdown experiment --- tor/translations/en.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tor/translations/en.yaml b/tor/translations/en.yaml index d4961de..7718dcc 100644 --- a/tor/translations/en.yaml +++ b/tor/translations/en.yaml @@ -33,6 +33,9 @@ configuration: bridges: name: Bridges description: >- - Configures bridges gotten via [https://bridges.torproject.org](https://bridges.torproject.org/bridges/?transport=obfs4) + Configures bridges gotten via + [1](https://bridges.torproject.org/bridges/?transport=obfs4) + 2 + 3 <a href="https://bridges.torproject.org/bridges/?transport=obfs4">bridges.torproject.org</a> network: 9050/tcp: Tor SOCKS proxy port From 308dde9367522006d97f0890ba10d3ff1166375f Mon Sep 17 00:00:00 2001 From: akrigator Date: Thu, 17 Aug 2023 01:17:31 +0300 Subject: [PATCH 07/34] Move bridge link to doc from translation --- tor/DOCS.md | 3 ++- tor/translations/en.yaml | 5 +---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/tor/DOCS.md b/tor/DOCS.md index 5342e7d..e7a1f61 100644 --- a/tor/DOCS.md +++ b/tor/DOCS.md 
@@ -159,7 +159,7 @@ Bridges are Tor relays that help you circumvent censorship. Because bridge addresses are not public, you will need to request them yourself. You have a few options: -* Visit https://bridges.torproject.org/ and follow the instructions, or +* Visit [Tor][tor-bridges-obfs4] and follow the instructions, or * Email bridges@torproject.org from a Gmail, or Riseup email address * Send a message to @GetBridgesBot on Telegram. Tap on 'Start' or write /start or /bridges in the chat. @@ -281,3 +281,4 @@ SOFTWARE. [releases]: https://github.com/hassio-addons/addon-tor/releases [semver]: http://semver.org/spec/v2.0.0.htm [tor-hidden-service]: https://www.torproject.org/docs/hidden-services.html.en +[tor-bridges-obfs4]: https://bridges.torproject.org/bridges/?transport=obfs4 diff --git a/tor/translations/en.yaml b/tor/translations/en.yaml index 7718dcc..eb21d67 100644 --- a/tor/translations/en.yaml +++ b/tor/translations/en.yaml @@ -33,9 +33,6 @@ configuration: bridges: name: Bridges description: >- - Configures bridges gotten via - [1](https://bridges.torproject.org/bridges/?transport=obfs4) - 2 - 3 <a href="https://bridges.torproject.org/bridges/?transport=obfs4">bridges.torproject.org</a> + Configures bridges gotten via [tor][tor-bridges-obfs4] network: 9050/tcp: Tor SOCKS proxy port From d241652a65db3f906f3bb30cfde8771adf8d1925 Mon Sep 17 00:00:00 2001 From: akrigator Date: Thu, 17 Aug 2023 01:18:13 +0300 Subject: [PATCH 08/34] Move bridge link to doc from translation --- tor/DOCS.md | 2 +- tor/translations/en.yaml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/tor/DOCS.md b/tor/DOCS.md index e7a1f61..849604e 100644 --- a/tor/DOCS.md +++ b/tor/DOCS.md 
@@ -159,7 +159,7 @@ Bridges are Tor relays that help you circumvent censorship. Because bridge addresses are not public, you will need to request them yourself. You have a few options: -* Visit [Tor][tor-bridges-obfs4] and follow the instructions, or +* Visit [Tor][tor-bridges-obfs4] project and follow the instructions, or * Email bridges@torproject.org from a Gmail, or Riseup email address * Send a message to @GetBridgesBot on Telegram. Tap on 'Start' or write /start or /bridges in the chat. diff --git a/tor/translations/en.yaml b/tor/translations/en.yaml index eb21d67..d08bdc4 100644 --- a/tor/translations/en.yaml +++ b/tor/translations/en.yaml @@ -33,6 +33,7 @@ configuration: bridges: name: Bridges description: >- - Configures bridges gotten via [tor][tor-bridges-obfs4] + Configures bridges to establish connection with Tor Network. Check the + add-on documentation for the exact format to enter here. network: 9050/tcp: Tor SOCKS proxy port From d42332c43d324fb1ceed0a78cb9ad1962c7d20f8 Mon Sep 17 00:00:00 2001 From: akrigator Date: Thu, 17 Aug 2023 19:23:28 +0300 Subject: [PATCH 09/34] Snowflake bridge support --- tor/DOCS.md | 22 +++++++++++++- tor/Dockerfile | 12 +++++--- tor/config.yaml | 22 ++++++++++++-- .../etc/s6-overlay/s6-rc.d/init-tor/run | 29 +++++++++++++++---- 4 files changed, 73 insertions(+), 12 deletions(-) diff --git a/tor/DOCS.md b/tor/DOCS.md index 849604e..5c5de4e 100644 --- a/tor/DOCS.md +++ b/tor/DOCS.md 
@@ -151,11 +151,30 @@ The accepted syntaxs of this configuration is: If you do not define a published port, the local port will be used. If you do not define a hostname or IP adress `homeassistant` will be used. +### Option: `snowflake_url` + +URL of signaling broker for snowflake client + +### Option: `snowflake_front` + +Front domain for snowflake client + +### Option: `snowflake_ice` + +List of ICE servers for snowflake client + ### Option: `bridges` -> The addon supports `obfs4` bridge only +> Keep the option value clean to avoid using of any transport plugins and bridges. Bridges are Tor relays that help you circumvent censorship. +Access to bridges is provided by supported transport plugins: + +#### Snowflake + +Look [here][what-is-snowflake] about + +#### OBFS Because bridge addresses are not public, you will need to request them yourself. You have a few options: @@ -282,3 +301,4 @@ SOFTWARE. [semver]: http://semver.org/spec/v2.0.0.htm [tor-hidden-service]: https://www.torproject.org/docs/hidden-services.html.en [tor-bridges-obfs4]: https://bridges.torproject.org/bridges/?transport=obfs4 +[what-is-snowflake]: https://support.torproject.org/censorship/what-is-snowflake/ \ No newline at end of file diff --git a/tor/Dockerfile b/tor/Dockerfile index 275e6e9..0540786 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile 
@@ -21,16 +21,20 @@ RUN mkdir -p /go/src /go/bin RUN chmod -R 644 /go ENV GOPATH /go ENV PATH /go/bin:$PATH -WORKDIR /go # Remove cache to reduce image size. RUN rm -rf /var/cache/apk/* # Install obfs4proxy -RUN git clone https://github.com/Yawning/obfs4.git +RUN git clone https://github.com/Yawning/obfs4.git /go/obfs4/ WORKDIR /go/obfs4/ -RUN go build -o obfs4proxy/obfs4proxy ./obfs4proxy -RUN mv obfs4proxy/obfs4proxy /usr/local/bin/obfs4proxy +RUN go build -o /usr/local/bin/obfs4proxy ./obfs4proxy + +# Install snowflake +RUN git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git /go/snowflake/ +WORKDIR /go/snowflake/client/ +RUN go get +RUN go build -o /usr/local/bin/snowflake # Give obfs4proxy the capability to bind port 80. This line isn't necessary if # you use a high (unprivileged) port. diff --git a/tor/config.yaml b/tor/config.yaml index 8cacb68..5fe2caf 100644 --- a/tor/config.yaml +++ b/tor/config.yaml @@ -27,7 +27,21 @@ options: ports: - "8123" - "8123:80" - bridges: [] + snowflake_url: "https://snowflake-broker.torproject.net.global.prod.fastly.net/" + snowflake_front: "cdn.sstatic.net" + snowflake_ice: + - "stun:stun.voip.blackberry.com:3478" + - "stun:stun.antisip.com:3478" + - "stun:stun.bluesip.net:3478" + - "stun:stun.dus.net:3478" + - "stun:stun.epygi.com:3478" + - "stun:stun.sonetel.com:3478" + - "stun:stun.sonetel.net:3478" + - "stun:stun.uls.co.za:3478" + - "stun:stun.voipgate.com:3478" + - "stun:stun.voys.nl:3478" + bridges: + - "snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA" schema: log_level: list(trace|debug|info|notice|warning|error|fatal)? socks: bool 
@@ -37,5 +51,9 @@ schema: - match(^[A-Za-z0-9+-_]{1,16}$) ports: - match(^(.*:)?(?:[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])?$) + snowflake_url: url + snowflake_front: str + snowflake_ice: + - str bridges: - - match(^obfs4 ((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}:((6553[0-5])|(655[0-2][0-9])|(65[0-4][0-9]{2})|(6[0-4][0-9]{3})|([1-5][0-9]{4})|([0-5]{0,5})|([0-9]{1,4}))( \w{40})( cert=\S{70})( iat-mode=[0-2])?$) + - str \ No newline at end of file diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run index 0702b45..0046a04 100755 --- a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run +++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run 
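Review bot: Replacing the `bridges` pattern with a bare `- str` removes all validation from a value that init-tor/run copies verbatim into torrc via `echo "Bridge ${bridge}"`. Snowflake lines cannot satisfy the old obfs4-only regex, but a looser pattern can still reject typos and unsupported transports before Tor sees them. For example, `- match(^(obfs2|obfs3|obfs4|scramblesuit|snowflake) \S.*$)` mirrors the transports this commit registers in the run script.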
@@ -126,18 +126,37 @@ if bashio::config.true 'hidden_services'; then fi # Configure bridges -if bashio::config.exists 'bridges'; +if bashio::config.exists 'bridges' \ + && ! bashio::config.is_empty 'bridges'; then + bashio::log.info 'Use bridges:' echo "UseBridges 1" >> "${torrc}" - echo 'ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed' >> "${torrc}" - bashio::log.info 'Setup obfs4 bridges:' + # Add client for OBFS transport + echo "ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec /usr/local/bin/obfs4proxy managed" >> "${torrc}" + + # Add client for Snowflake transport + snowflake_plugin_conf="ClientTransportPlugin snowflake exec /usr/local/bin/snowflake" + if bashio::config.exists 'snowflake_url'; + then + snowflake_plugin_conf+=" -url $(bashio::config 'snowflake_url')" + fi + if bashio::config.exists 'snowflake_front'; + then + snowflake_plugin_conf+=" -front $(bashio::config 'snowflake_front')" + fi + if bashio::config.exists 'snowflake_ice'\ + && ! bashio::config.is_empty 'snowflake_ice'; + then + snowflake_plugin_conf+=" -ice `echo $(bashio::config 'snowflake_ice') | tr ' ' ','`" + fi + echo "$snowflake_plugin_conf" >> "${torrc}" + + # Add bridges while read -r bridge; do bashio::log.info "Bridge ${bridge}" echo "Bridge ${bridge}" >> "${torrc}" done <<< "$(bashio::config 'bridges')" -else - bashio::log.info 'obfs4 bridges disabled' fi # Figure out the address From dc9d3fcb8e6c8376871ec3f847907cac66958a38 Mon Sep 17 00:00:00 2001 From: akrigator Date: Thu, 17 Aug 2023 20:29:29 +0300 Subject: [PATCH 10/34] Move defualt config to docs, update translation --- tor/DOCS.md | 16 +++++++++++++++- tor/config.yaml | 21 ++++----------------- tor/translations/en.yaml | 9 +++++++++ 3 files changed, 28 insertions(+), 18 deletions(-) diff --git a/tor/DOCS.md b/tor/DOCS.md index 5c5de4e..d4359d7 100644 --- a/tor/DOCS.md +++ b/tor/DOCS.md 
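Review bot: The `snowflake_plugin_conf+=" -front $(bashio::config 'snowflake_front')"` style of concatenation puts raw option values onto the `ClientTransportPlugin snowflake exec /usr/local/bin/snowflake` line, so a value containing whitespace becomes extra command-line arguments for the helper that Tor executes. `snowflake_front` and the `snowflake_ice` items are plain `str` in the schema of this commit, so nothing upstream rejects such a value. Check each value before appending it, for instance skip it with a `bashio::log.warning` when `[[ "${value}" =~ [[:space:]] ]]` matches, or constrain the schema entries with a `match(...)` pattern. The `-ice` join via backticks and unquoted `echo $(...) | tr ' ' ','` depends on word splitting and deserves the same check.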
@@ -51,7 +51,21 @@ client_names: - haremote2 ports: - 8123 -bridges: [] +snowflake_url: https://snowflake-broker.torproject.net.global.prod.fastly.net/ +snowflake_front: cdn.sstatic.net +snowflake_ice: + - stun:stun.voip.blackberry.com:3478 + - stun:stun.antisip.com:3478 + - stun:stun.bluesip.net:3478 + - stun:stun.dus.net:3478 + - stun:stun.epygi.com:3478 + - stun:stun.sonetel.com:3478 + - stun:stun.sonetel.net:3478 + - stun:stun.uls.co.za:3478 + - stun:stun.voipgate.com:3478 + - stun:stun.voys.nl:3478 +bridges: + - snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA ``` **Note**: _This is just an example, don't copy and past it! Create your own!_ diff --git a/tor/config.yaml b/tor/config.yaml index 5fe2caf..86c9e70 100644 --- a/tor/config.yaml +++ b/tor/config.yaml @@ -27,21 +27,8 @@ options: ports: - "8123" - "8123:80" - snowflake_url: "https://snowflake-broker.torproject.net.global.prod.fastly.net/" - snowflake_front: "cdn.sstatic.net" - snowflake_ice: - - "stun:stun.voip.blackberry.com:3478" - - "stun:stun.antisip.com:3478" - - "stun:stun.bluesip.net:3478" - - "stun:stun.dus.net:3478" - - "stun:stun.epygi.com:3478" - - "stun:stun.sonetel.com:3478" - - "stun:stun.sonetel.net:3478" - - "stun:stun.uls.co.za:3478" - - "stun:stun.voipgate.com:3478" - - "stun:stun.voys.nl:3478" - bridges: - - "snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA" + snowflake_ice: [] + bridges: [] schema: log_level: list(trace|debug|info|notice|warning|error|fatal)? socks: bool @@ -51,8 +38,8 @@ schema: - match(^[A-Za-z0-9+-_]{1,16}$) ports: - match(^(.*:)?(?:[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])?$) - snowflake_url: url - snowflake_front: str + snowflake_url: "url?" + snowflake_front: "str?" snowflake_ice: - str bridges: diff --git a/tor/translations/en.yaml b/tor/translations/en.yaml index d08bdc4..19a8a6d 100644 --- a/tor/translations/en.yaml +++ b/tor/translations/en.yaml 
@@ -30,6 +30,15 @@ configuration: description: >- Configures hosts and ports to publish via a Tor Hidden Service. Check the add-on documentation for the exact format to enter here. + snowflake_url: + name: Snowflake URL + description: URL of signaling broker + snowflake_front: + name: Snowflake front + description: Front domain + snowflake_ice: + name: Snowflake ICE + description: List of ICE servers bridges: name: Bridges description: >- From 9ffdfff1cd78bfbd62c8acb1b083a71c621b3643 Mon Sep 17 00:00:00 2001 From: akrigator Date: Tue, 24 Oct 2023 01:09:55 +0300 Subject: [PATCH 11/34] Passing snowflake_* options throw bridge's option --- tor/DOCS.md | 35 ++++--------------- tor/config.yaml | 5 --- .../etc/s6-overlay/s6-rc.d/init-tor/run | 16 +-------- tor/translations/en.yaml | 9 ----- 4 files changed, 8 insertions(+), 57 deletions(-) diff --git a/tor/DOCS.md b/tor/DOCS.md index d4359d7..bcebedd 100644 --- a/tor/DOCS.md +++ b/tor/DOCS.md @@ -51,21 +51,7 @@ client_names: - haremote2 ports: - 8123 -snowflake_url: https://snowflake-broker.torproject.net.global.prod.fastly.net/ -snowflake_front: cdn.sstatic.net -snowflake_ice: - - stun:stun.voip.blackberry.com:3478 - - stun:stun.antisip.com:3478 - - stun:stun.bluesip.net:3478 - - stun:stun.dus.net:3478 - - stun:stun.epygi.com:3478 - - stun:stun.sonetel.com:3478 - - stun:stun.sonetel.net:3478 - - stun:stun.uls.co.za:3478 - - stun:stun.voipgate.com:3478 - - stun:stun.voys.nl:3478 -bridges: - - snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA +bridges: [] ``` **Note**: _This is just an example, don't copy and past it! Create your own!_ 
@@ -165,18 +151,6 @@ The accepted syntaxs of this configuration is: If you do not define a published port, the local port will be used. If you do not define a hostname or IP adress `homeassistant` will be used. -### Option: `snowflake_url` - -URL of signaling broker for snowflake client - -### Option: `snowflake_front` - -Front domain for snowflake client - -### Option: `snowflake_ice` - -List of ICE servers for snowflake client - ### Option: `bridges` > Keep the option value clean to avoid using of any transport plugins and bridges. @@ -186,7 +160,12 @@ Access to bridges is provided by supported transport plugins: #### Snowflake -Look [here][what-is-snowflake] about +What is [snowflake][what-is-snowflake], example: + +```yaml +bridges: + - snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn +``` #### OBFS diff --git a/tor/config.yaml b/tor/config.yaml index 86c9e70..9ae22ec 100644 --- a/tor/config.yaml +++ b/tor/config.yaml @@ -27,7 +27,6 @@ options: ports: - "8123" - "8123:80" - snowflake_ice: [] bridges: [] schema: log_level: list(trace|debug|info|notice|warning|error|fatal)? @@ -38,9 +37,5 @@ schema: - match(^[A-Za-z0-9+-_]{1,16}$) ports: - match(^(.*:)?(?:[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])?$) - snowflake_url: "url?" - snowflake_front: "str?" - snowflake_ice: - - str bridges: - str \ No newline at end of file diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run index 0046a04..27956c5 100755 --- a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run 
+++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run @@ -136,21 +136,7 @@ then echo "ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec /usr/local/bin/obfs4proxy managed" >> "${torrc}" # Add client for Snowflake transport - snowflake_plugin_conf="ClientTransportPlugin snowflake exec /usr/local/bin/snowflake" - if bashio::config.exists 'snowflake_url'; - then - snowflake_plugin_conf+=" -url $(bashio::config 'snowflake_url')" - fi - if bashio::config.exists 'snowflake_front'; - then - snowflake_plugin_conf+=" -front $(bashio::config 'snowflake_front')" - fi - if bashio::config.exists 'snowflake_ice'\ - && ! bashio::config.is_empty 'snowflake_ice'; - then - snowflake_plugin_conf+=" -ice `echo $(bashio::config 'snowflake_ice') | tr ' ' ','`" - fi - echo "$snowflake_plugin_conf" >> "${torrc}" + echo "ClientTransportPlugin snowflake exec /usr/local/bin/snowflake" >> "${torrc}" # Add bridges while read -r bridge; do diff --git a/tor/translations/en.yaml b/tor/translations/en.yaml index 19a8a6d..d08bdc4 100644 --- a/tor/translations/en.yaml +++ b/tor/translations/en.yaml @@ -30,15 +30,6 @@ configuration: description: >- Configures hosts and ports to publish via a Tor Hidden Service. Check the add-on documentation for the exact format to enter here. - snowflake_url: - name: Snowflake URL - description: URL of signaling broker - snowflake_front: - name: Snowflake front - description: Front domain - snowflake_ice: - name: Snowflake ICE - description: List of ICE servers bridges: name: Bridges description: >- From 43c7c758e24bbf971794abe540da6e1c58603626 Mon Sep 17 00:00:00 2001 From: akrigator Date: Tue, 24 Oct 2023 02:05:59 +0300 Subject: [PATCH 12/34] Fix dependcy version Snowflake 2.7.0 is dependent on go 1.21+. Let's use 2.6.1 since only 1.20.10-r0 is available in ghcr.io/hassio-addons/base:14.3.0 --- tor/Dockerfile | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index ce3670a..cd105b5 100755 
--- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -15,23 +15,24 @@ RUN \ openssl=3.1.3-r0 \ tor=0.4.8.7-r0 -# Install Go for building obfs4proxy. -RUN apk add go git ca-certificates libcap +# Install Go for building bridge transports clients. +RUN apk add --no-cache \ + go \ + git \ + ca-certificates \ + libcap RUN mkdir -p /go/src /go/bin RUN chmod -R 644 /go ENV GOPATH /go ENV PATH /go/bin:$PATH -# Remove cache to reduce image size. -RUN rm -rf /var/cache/apk/* - -# Install obfs4proxy +# Install obfs4proxy transport client RUN git clone https://github.com/Yawning/obfs4.git /go/obfs4/ WORKDIR /go/obfs4/ RUN go build -o /usr/local/bin/obfs4proxy ./obfs4proxy -# Install snowflake -RUN git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git /go/snowflake/ +# Install snowflake transport client +RUN git clone --branch v2.6.1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git /go/snowflake/ WORKDIR /go/snowflake/client/ RUN go get RUN go build -o /usr/local/bin/snowflake From cd2615dfc49bc7764689801eb6606333b449a231 Mon Sep 17 00:00:00 2001 From: akrigator Date: Tue, 24 Oct 2023 22:18:51 +0300 Subject: [PATCH 13/34] Update docs and fix snowflake port binding privelage --- tor/DOCS.md | 14 ++++++++++++-- tor/Dockerfile | 6 ++++-- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/tor/DOCS.md b/tor/DOCS.md index bcebedd..a76577a 100644 --- a/tor/DOCS.md +++ b/tor/DOCS.md 
@@ -164,7 +164,14 @@ What is [snowflake][what-is-snowflake], example: ```yaml bridges: - - snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn + - >- + snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 + fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 + url=https://snowflake-broker.torproject.net/ + ampcache=https://cdn.ampproject.org/ + front=www.google.com + ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 + utls-imitate=hellorandomizedalpn ``` #### OBFS @@ -179,7 +186,10 @@ For example: ```yaml bridges: - - "obfs4 123.45.67.89:443 EFC6A00EE6272355C023862378AC77F935F091E4 cert=KkdWiWlfetJG9SFrzX8g1teBbgxtsc0zPiN5VLxqNNH+iudVW48CoH/XVXPQntbivXIqZA iat-mode=0" + - >- + obfs4 123.45.67.89:443 EFC6A00EE6272355C023862378AC77F935F091E4 + cert=KkdWiWlfetJG9SFrzX8g1teBbgxtsc0zPiN5VLxqNNH+iudVW48CoH/XVXPQntbivXIqZA + iat-mode=0 ``` ## Tor client access setup diff --git a/tor/Dockerfile b/tor/Dockerfile index cd105b5..2b54bd0 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile 
@@ -37,9 +37,11 @@ WORKDIR /go/snowflake/client/ RUN go get RUN go build -o /usr/local/bin/snowflake -# Give obfs4proxy the capability to bind port 80. This line isn't necessary if +# Give tranposrts clients the capability to bind port 80. This line isn't necessary if # you use a high (unprivileged) port. -RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy +RUN setcap \ + 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy \ + 'cap_net_bind_service=+ep' /usr/local/bin/snowflake WORKDIR / From f047bdbb878f701ef10d036f73c5e685bf458355 Mon Sep 17 00:00:00 2001 From: akrigator Date: Wed, 25 Oct 2023 00:34:55 +0300 Subject: [PATCH 14/34] Add webtunnel bidge support --- tor/DOCS.md | 48 ++++++++++++------- tor/Dockerfile | 29 +++++------ .../etc/s6-overlay/s6-rc.d/init-tor/run | 3 ++ 3 files changed, 50 insertions(+), 30 deletions(-) diff --git a/tor/DOCS.md b/tor/DOCS.md index a76577a..8d44ea5 100644 --- a/tor/DOCS.md +++ b/tor/DOCS.md @@ -158,22 +158,6 @@ If you do not define a hostname or IP adress `homeassistant` will be used. Bridges are Tor relays that help you circumvent censorship. Access to bridges is provided by supported transport plugins: -#### Snowflake - -What is [snowflake][what-is-snowflake], example: - -```yaml -bridges: - - >- - snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 - fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 - url=https://snowflake-broker.torproject.net/ - ampcache=https://cdn.ampproject.org/ - front=www.google.com - ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 - utls-imitate=hellorandomizedalpn -``` - #### OBFS Because bridge addresses are not public, you will need to request them yourself. You have a few options: 
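Review bot: The extended `setcap` now grants `cap_net_bind_service=+ep` to `/usr/local/bin/snowflake` as well, but init-tor/run only registers these binaries as `ClientTransportPlugin ... exec` helpers, which as far as this series shows never listen on a port below 1024. A file capability applies to every invocation of the binary, so consider dropping the `setcap` step (and the `libcap` package) unless a low-port bind is actually required; the comment above it already says the line "isn't necessary if you use a high (unprivileged) port". PATCH 14 adds the same grant for `/usr/local/bin/webtunnel`.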
@@ -192,6 +176,37 @@ bridges: iat-mode=0 ``` +#### Webtunnel + +Visit [Tor][tor-bridges-webtunnel] project and follow the instructions + +For example: + +```yaml +bridges: + - >- + webtunnel 192.0.2.3:1 + DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF + url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0 + ver=0.0.1 +``` + +#### Snowflake + +What is [snowflake][what-is-snowflake], example: + +```yaml +bridges: + - >- + snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 + fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 + url=https://snowflake-broker.torproject.net/ + ampcache=https://cdn.ampproject.org/ + front=www.google.com + ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 + utls-imitate=hellorandomizedalpn +``` + ## Tor client access setup Using this add-on, you can access your Home Assistant instance over Tor from @@ -304,4 +319,5 @@ SOFTWARE. [semver]: http://semver.org/spec/v2.0.0.htm [tor-hidden-service]: https://www.torproject.org/docs/hidden-services.html.en [tor-bridges-obfs4]: https://bridges.torproject.org/bridges/?transport=obfs4 +[tor-bridges-webtunnel]: https://bridges.torproject.org/bridges/?transport=webtunnel [what-is-snowflake]: https://support.torproject.org/censorship/what-is-snowflake/ \ No newline at end of file diff --git a/tor/Dockerfile b/tor/Dockerfile index 2b54bd0..52ac531 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile 
@@ -12,19 +12,14 @@ COPY rootfs / RUN \ apk add --no-cache \ coreutils=9.3-r1 \ - openssl=3.1.3-r0 \ - tor=0.4.8.7-r0 - -# Install Go for building bridge transports clients. -RUN apk add --no-cache \ - go \ - git \ - ca-certificates \ - libcap -RUN mkdir -p /go/src /go/bin -RUN chmod -R 644 /go -ENV GOPATH /go -ENV PATH /go/bin:$PATH + openssl=3.1.4-r0 \ + libcrypto3=3.1.4-r0 \ + libssl3=3.1.4-r0 \ + tor=0.4.8.7-r0 \ + go=1.20.10-r0 \ + git=2.40.1-r0 \ + ca-certificates=20230506-r0 \ + libcap=2.69-r0 # Install obfs4proxy transport client RUN git clone https://github.com/Yawning/obfs4.git /go/obfs4/ @@ -37,11 +32,17 @@ WORKDIR /go/snowflake/client/ RUN go get RUN go build -o /usr/local/bin/snowflake +# Install webtunnel client +RUN git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git /go/webtunnel/ +WORKDIR /go/webtunnel/main/client/ +RUN go build -ldflags="-s -w" -o /usr/local/bin/webtunnel + # Give tranposrts clients the capability to bind port 80. This line isn't necessary if # you use a high (unprivileged) port. RUN setcap \ 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy \ - 'cap_net_bind_service=+ep' /usr/local/bin/snowflake + 'cap_net_bind_service=+ep' /usr/local/bin/snowflake \ + 'cap_net_bind_service=+ep' /usr/local/bin/webtunnel WORKDIR / diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run index 27956c5..e8c21ab 100755 --- a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run +++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run @@ -137,6 +137,9 @@ then # Add client for Snowflake transport echo "ClientTransportPlugin snowflake exec /usr/local/bin/snowflake" >> "${torrc}" + + # Add client for WebTunnel transport + echo "ClientTransportPlugin webtunnel exec /usr/local/bin/webtunnel" >> "${torrc}" # Add bridges while read -r bridge; do From b32959a9f89a7c79caef05b7a3e517ded2fbdfbe Mon Sep 17 00:00:00 2001 
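Review bot: The added `git clone https://gitlab.torproject.org/.../webtunnel.git /go/webtunnel/` step in the second Dockerfile hunk builds whatever the default branch points to at build time, so two builds of the same Dockerfile can ship different webtunnel code, and that binary then receives `cap_net_bind_service`. Every apk package in the first hunk is pinned to an exact version, and the source build should be held to the same standard by checking out a reviewed commit right after the clone, e.g. `git -C /go/webtunnel checkout <reviewed-commit-sha>`. The `obfs4` clone in the context lines of the first hunk has the same gap.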
From: akrigator Date: Sat, 28 Oct 2023 03:44:42 +0300 Subject: [PATCH 15/34] Increase watchdog interval Bootstrapping with bridge takes upto 1 hour https://docs.docker.com/engine/reference/builder/#healthcheck --- tor/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 52ac531..9bd1bae 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -47,7 +47,7 @@ RUN setcap \ WORKDIR / HEALTHCHECK \ - --start-period=5m \ + --start-period=60m \ --interval=60s \ --timeout=30s \ CMD curl \ From a1e3394d4cd78db1dca9bc9c8e1654567fe9ee87 Mon Sep 17 00:00:00 2001 From: akrigator Date: Tue, 9 Jan 2024 09:24:34 +0300 Subject: [PATCH 16/34] Fix up @frenck comments: - setup renovate to manage tor trasports plugins versioning - install transport plugins in single docker layer --- .github/renovate.json | 27 +++++++++++++++++++++++++++ tor/Dockerfile | 36 ++++++++++++++++++++---------------- 2 files changed, 47 insertions(+), 16 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index cc4797b..9cb150f 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
@@ -24,6 +24,33 @@ "versioningTemplate": "loose", "datasourceTemplate": "repology", "depNameTemplate": "alpine_3_18/{{package}}" + }, + { + "fileMatch": ["/Dockerfile$"], + "matchStrings": [ + "ARG OBFS_VERSION=[\"']?(?.+?)[\"']?\\s+" + ], + "versioningTemplate": "loose", + "datasourceTemplate": "github-releases", + "depNameTemplate": "Yawning/obfs4" + }, + { + "fileMatch": ["/Dockerfile$"], + "matchStrings": [ + "ARG SNOWFLAKE_VERSION=[\"']?(?.+?)[\"']?\\s+" + ], + "versioningTemplate": "loose", + "datasourceTemplate": "github-releases", + "depNameTemplate": "tpo/anti-censorship/pluggable-transports/snowflake" + }, + { + "fileMatch": ["/Dockerfile$"], + "matchStrings": [ + "ARG WEBTUNNEL_VERSION=[\"']?(?.+?)[\"']?\\s+" + ], + "versioningTemplate": "loose", + "datasourceTemplate": "github-releases", + "depNameTemplate": "tpo/anti-censorship/pluggable-transports/webtunnel" } ], "packageRules": [ diff --git a/tor/Dockerfile b/tor/Dockerfile index fcc9547..ac70661 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile 
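Review bot: The snowflake and webtunnel entries use `"datasourceTemplate": "github-releases"` with a `depNameTemplate` of `tpo/anti-censorship/pluggable-transports/...`, but the Dockerfile in this same commit clones both projects from `gitlab.torproject.org`. A GitHub lookup for those names will most likely find nothing, so the pins would never receive update proposals and would go stale without any signal. Pointing the two entries at the real host, e.g. `"datasourceTemplate": "gitlab-tags"` together with `"registryUrlTemplate": "https://gitlab.torproject.org"`, should fix the lookup; verify this against the Renovate version in use. `WEBTUNNEL_VERSION` is also a commit hash rather than a release name, so `loose` versioning cannot order it and that entry needs a digest-style rule or a documented manual bump.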
@@ -13,27 +13,31 @@ RUN \ apk add --no-cache \ coreutils=9.3-r1 \ openssl=3.1.4-r1 \ - tor=0.4.8.9-r0 \ - go=1.20.10-r0 \ + tor=0.4.8.10-r0 \ + go=1.20.11-r0 \ git=2.40.1-r0 \ ca-certificates=20230506-r0 \ libcap=2.69-r0 -# Install obfs4proxy transport client -RUN git clone https://github.com/Yawning/obfs4.git /go/obfs4/ -WORKDIR /go/obfs4/ -RUN go build -o /usr/local/bin/obfs4proxy ./obfs4proxy - -# Install snowflake transport client -RUN git clone --branch v2.6.1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git /go/snowflake/ -WORKDIR /go/snowflake/client/ -RUN go get -RUN go build -o /usr/local/bin/snowflake - +ARG OBFS_VERSION=obfs4proxy-0.0.14 +ARG SNOWFLAKE_VERSION=v2.6.1 +ARG WEBTUNNEL_VERSION=ae511e2d67297b8b32fdb173549cac7b9f64f45b +RUN \ +# Install obfs4proxy + git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git /go/obfs4/ \ + && cd /go/obfs4/ \ + && go build -o /usr/local/bin/obfs4proxy ./obfs4proxy \ +# Install snowflake + && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git /go/snowflake/ \ + && cd /go/snowflake/client/ \ + && go get \ + && go build -o /usr/local/bin/snowflake \ # Install webtunnel client -RUN git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git /go/webtunnel/ -WORKDIR /go/webtunnel/main/client/ -RUN go build -ldflags="-s -w" -o /usr/local/bin/webtunnel + && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git /go/webtunnel/ \ + && cd /go/webtunnel/ \ + && git reset --hard ${WEBTUNNEL_VERSION} \ + && cd main/client/ \ + && go build -ldflags="-s -w" -o /usr/local/bin/webtunnel # Give tranposrts clients the capability to bind port 80. This line isn't necessary if # you use a high (unprivileged) port. 
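Review bot: The webtunnel step clones with `--single-branch --depth 1` and then runs `git reset --hard ${WEBTUNNEL_VERSION}`, but a depth-1 clone holds only the branch tip, so the pinned commit is present only while it is still the newest upstream commit. Once upstream advances, the reset fails on an unknown revision and the image stops building until the pin is bumped, which pushes maintainers toward following the tip instead of a reviewed commit. Dropping `--depth 1` for this one repository keeps the pin reachable; alternatively fetch the commit itself with `git fetch --depth 1 origin ${WEBTUNNEL_VERSION} && git checkout FETCH_HEAD`, provided the server permits fetching by commit id. `OBFS_VERSION` and `SNOWFLAKE_VERSION` are tag names, which upstream can move, so comparing `git rev-parse HEAD` with an expected hash after each clone would make all three pins equally strict. The same clone-then-reset pattern is kept in the later Dockerfile patches of this series.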
From 255a29d7dae2ed482fdd3ea7ffc4ca16428111ac Mon Sep 17 00:00:00 2001 From: akrigator Date: Thu, 11 Jan 2024 22:53:48 +0300 Subject: [PATCH 17/34] Fix up @frenck comments: - setcap in single docker layer --- tor/Dockerfile | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 155d961..5b506f8 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -9,6 +9,9 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] COPY rootfs / # Setup base +ARG OBFS_VERSION=obfs4proxy-0.0.14 +ARG SNOWFLAKE_VERSION=v2.6.1 +ARG WEBTUNNEL_VERSION=ae511e2d67297b8b32fdb173549cac7b9f64f45b RUN \ apk add --no-cache \ coreutils=9.4-r1 \ @@ -17,14 +20,9 @@ RUN \ go=1.21.5-r0 \ git=2.43.0-r0 \ ca-certificates=20230506-r0 \ - libcap=2.69-r1 - -ARG OBFS_VERSION=obfs4proxy-0.0.14 -ARG SNOWFLAKE_VERSION=v2.6.1 -ARG WEBTUNNEL_VERSION=ae511e2d67297b8b32fdb173549cac7b9f64f45b -RUN \ + libcap=2.69-r1 \ # Install obfs4proxy - git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git /go/obfs4/ \ + && git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git /go/obfs4/ \ && cd /go/obfs4/ \ && go build -o /usr/local/bin/obfs4proxy ./obfs4proxy \ # Install snowflake 
@@ -37,14 +35,12 @@ RUN \ && cd /go/webtunnel/ \ && git reset --hard ${WEBTUNNEL_VERSION} \ && cd main/client/ \ - && go build -ldflags="-s -w" -o /usr/local/bin/webtunnel - -# Give tranposrts clients the capability to bind port 80. This line isn't necessary if -# you use a high (unprivileged) port. -RUN setcap \ - 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy \ - 'cap_net_bind_service=+ep' /usr/local/bin/snowflake \ - 'cap_net_bind_service=+ep' /usr/local/bin/webtunnel + && go build -ldflags="-s -w" -o /usr/local/bin/webtunnel \ +# Give tranposrts clients the capability to bind privileged port. + && setcap \ + 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy \ + 'cap_net_bind_service=+ep' /usr/local/bin/snowflake \ + 'cap_net_bind_service=+ep' /usr/local/bin/webtunnel WORKDIR / From 08ac1693e66e45b4da1352cbcbb804bebdb11107 Mon Sep 17 00:00:00 2001 From: akrigator Date: Tue, 23 Apr 2024 03:47:02 +0300 Subject: [PATCH 18/34] Update transports and their dependencies --- tor/Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 2cdfb42..9b86711 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -10,16 +10,16 @@ COPY rootfs / # Setup base ARG OBFS_VERSION=obfs4proxy-0.0.14 -ARG SNOWFLAKE_VERSION=v2.6.1 -ARG WEBTUNNEL_VERSION=ae511e2d67297b8b32fdb173549cac7b9f64f45b +ARG SNOWFLAKE_VERSION=v2.9.2 +ARG WEBTUNNEL_VERSION=c6e11b4fc27bb36d38a3dd903aaa1c5deb66ff0b RUN \ apk add --no-cache \ coreutils=9.4-r2 \ openssl=3.1.4-r6 \ tor=0.4.8.11-r0 \ - go=1.21.6-r0 \ + go=1.21.9-r0 \ git=2.43.0-r0 \ - ca-certificates=20230506-r0 \ + ca-certificates=20240226-r0 \ libcap=2.69-r1 \ # Install obfs4proxy && git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git /go/obfs4/ \ From fd22dc2c786f2730ded6205620772931bcab67fc Mon Sep 17 00:00:00 2001 
From: Renat Gabdulhakov Date: Thu, 23 May 2024 16:14:30 +0000 Subject: [PATCH 19/34] Docker layers --- tor/Dockerfile | 46 +++++++++++++++++++++++++--------------------- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 4a3a85c..95cd435 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile 
@@ -9,41 +9,45 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] COPY rootfs / # Setup base -ARG OBFS_VERSION=obfs4proxy-0.0.14 -ARG SNOWFLAKE_VERSION=v2.9.2 -ARG WEBTUNNEL_VERSION=c6e11b4fc27bb36d38a3dd903aaa1c5deb66ff0b -RUN \ - apk add --no-cache \ +RUN apk add --no-cache \ coreutils=9.4-r2 \ openssl=3.1.5-r0 \ tor=0.4.8.11-r0 \ go=1.21.10-r0 \ git=2.43.4-r0 \ ca-certificates=20240226-r0 \ - libcap=2.69-r1 \ + libcap=2.69-r1 + # Install obfs4proxy - && git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git /go/obfs4/ \ - && cd /go/obfs4/ \ - && go build -o /usr/local/bin/obfs4proxy ./obfs4proxy \ +ARG OBFS_VERSION=obfs4proxy-0.0.14 +WORKDIR /go/obfs4 +RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git . \ + && go build -o /usr/local/bin/obfs4proxy ./obfs4proxy + # Install snowflake - && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git /go/snowflake/ \ - && cd /go/snowflake/client/ \ +ARG SNOWFLAKE_VERSION=v2.9.2 +WORKDIR /go/snowflake +RUN git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git . \ + && cd client \ && go get \ - && go build -o /usr/local/bin/snowflake \ + && go build -o /usr/local/bin/snowflake + # Install webtunnel client - && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git /go/webtunnel/ \ - && cd /go/webtunnel/ \ +ARG WEBTUNNEL_VERSION=c6e11b4fc27bb36d38a3dd903aaa1c5deb66ff0b +WORKDIR /go/webtunnel +RUN git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git . 
\ && git reset --hard ${WEBTUNNEL_VERSION} \ - && cd main/client/ \ - && go build -ldflags="-s -w" -o /usr/local/bin/webtunnel \ -# Give tranposrts clients the capability to bind privileged port. - && setcap \ - 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy \ - 'cap_net_bind_service=+ep' /usr/local/bin/snowflake \ - 'cap_net_bind_service=+ep' /usr/local/bin/webtunnel + && cd main/client \ + && go build -ldflags="-s -w" -o /usr/local/bin/webtunnel WORKDIR / +# Give tranposrts clients the capability to bind privileged port. +RUN setcap \ + 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy \ + 'cap_net_bind_service=+ep' /usr/local/bin/snowflake \ + 'cap_net_bind_service=+ep' /usr/local/bin/webtunnel + HEALTHCHECK \ --start-period=60m \ --interval=60s \ From fc3b7584f904163c625e9abcc2ca180cda278b32 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 23 May 2024 16:29:44 +0000 Subject: [PATCH 20/34] Docker layers --- tor/Dockerfile | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 95cd435..5d2ed73 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile 
@@ -26,18 +26,16 @@ RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Ya # Install snowflake ARG SNOWFLAKE_VERSION=v2.9.2 -WORKDIR /go/snowflake -RUN git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git . \ - && cd client \ +WORKDIR /go/snowflake/client +RUN git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git /go/snowflake \ && go get \ && go build -o /usr/local/bin/snowflake # Install webtunnel client ARG WEBTUNNEL_VERSION=c6e11b4fc27bb36d38a3dd903aaa1c5deb66ff0b -WORKDIR /go/webtunnel -RUN git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git . \ +WORKDIR /go/webtunnel/main/client +RUN git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git /go/webtunnel \ && git reset --hard ${WEBTUNNEL_VERSION} \ - && cd main/client \ && go build -ldflags="-s -w" -o /usr/local/bin/webtunnel WORKDIR / From 9238dc8f00841ed7d3a501ac344bc3a2da396834 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 23 May 2024 16:33:23 +0000 Subject: [PATCH 21/34] YAMLLint fixup --- tor/config.yaml | 2 +- tor/translations/en.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tor/config.yaml b/tor/config.yaml index 44ffb71..2b47b29 100644 --- a/tor/config.yaml +++ b/tor/config.yaml @@ -36,4 +36,4 @@ schema: ports: - match(^(.*:)?(?:[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])?$) bridges: - - str \ No newline at end of file + - str diff --git a/tor/translations/en.yaml b/tor/translations/en.yaml index d08bdc4..787fda9 100644 --- a/tor/translations/en.yaml +++ b/tor/translations/en.yaml 
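Review bot: `WORKDIR /go/snowflake/client` now runs before `git clone ... /go/snowflake`, and `WORKDIR` creates the directory when it is missing, so the clone target already contains `client/` and git refuses to clone into a non-empty directory. The webtunnel block has the same ordering with `WORKDIR /go/webtunnel/main/client` ahead of the clone into `/go/webtunnel`. Keep the clone under a parent directory and switch `WORKDIR` afterwards, e.g. `WORKDIR /go`, then `RUN git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 <snowflake-url> snowflake`, then `WORKDIR /go/snowflake/client` for the build.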
@@ -33,7 +33,7 @@ configuration: bridges: name: Bridges description: >- - Configures bridges to establish connection with Tor Network. Check the + Configures bridges to establish connection with Tor Network. Check the add-on documentation for the exact format to enter here. network: 9050/tcp: Tor SOCKS proxy port From 0bd9e0bb3366629c8a8eb59a563f135c924e3b0f Mon Sep 17 00:00:00 2001 From: akrigator Date: Thu, 23 May 2024 17:07:23 +0000 Subject: [PATCH 22/34] Prettified Code! --- .github/renovate.json | 4 +--- tor/DOCS.md | 8 ++++---- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 3628f40..a8ec207 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -27,9 +27,7 @@ }, { "fileMatch": ["/Dockerfile$"], - "matchStrings": [ - "ARG OBFS_VERSION=[\"']?(?.+?)[\"']?\\s+" - ], + "matchStrings": ["ARG OBFS_VERSION=[\"']?(?.+?)[\"']?\\s+"], "versioningTemplate": "loose", "datasourceTemplate": "github-releases", "depNameTemplate": "Yawning/obfs4" diff --git a/tor/DOCS.md b/tor/DOCS.md index afedd64..98fe761 100644 --- a/tor/DOCS.md +++ b/tor/DOCS.md @@ -162,9 +162,9 @@ Access to bridges is provided by supported transport plugins: Because bridge addresses are not public, you will need to request them yourself. You have a few options: -* Visit [Tor][tor-bridges-obfs4] project and follow the instructions, or -* Email bridges@torproject.org from a Gmail, or Riseup email address -* Send a message to @GetBridgesBot on Telegram. Tap on 'Start' or write /start or /bridges in the chat. +- Visit [Tor][tor-bridges-obfs4] project and follow the instructions, or +- Email bridges@torproject.org from a Gmail, or Riseup email address +- Send a message to @GetBridgesBot on Telegram. Tap on 'Start' or write /start or /bridges in the chat. For example: 
@@ -320,4 +320,4 @@ SOFTWARE. [tor-hidden-service]: https://www.torproject.org/docs/hidden-services.html.en [tor-bridges-obfs4]: https://bridges.torproject.org/bridges/?transport=obfs4 [tor-bridges-webtunnel]: https://bridges.torproject.org/bridges/?transport=webtunnel -[what-is-snowflake]: https://support.torproject.org/censorship/what-is-snowflake/ \ No newline at end of file +[what-is-snowflake]: https://support.torproject.org/censorship/what-is-snowflake/ From 91d4acc7112ece61dbb50e297599643786fc30c0 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 23 May 2024 17:24:35 +0000 Subject: [PATCH 23/34] Docker layers --- tor/Dockerfile | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 5d2ed73..f113614 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -1,4 +1,7 @@ ARG BUILD_FROM=ghcr.io/hassio-addons/base:15.0.9 +ARG OBFS_VERSION=obfs4proxy-0.0.14 +ARG SNOWFLAKE_VERSION=v2.9.2 +ARG WEBTUNNEL_VERSION=3b6faa48163782c1e5420bcb4b068cd38c401ea7 # hadolint ignore=DL3006 FROM ${BUILD_FROM} 
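Review bot: The three `*_VERSION` arguments are declared above `FROM ${BUILD_FROM}`, and an `ARG` placed before `FROM` is in scope only for the `FROM` line, so inside the stage `${OBFS_VERSION}`, `${SNOWFLAKE_VERSION}` and `${WEBTUNNEL_VERSION}` expand to empty strings in the next Dockerfile hunk of this commit. For webtunnel this matters most: `git reset --hard` with an empty argument succeeds and leaves the checkout on the branch tip, so the pin is ignored silently instead of failing the build. Either move the declarations below `FROM`, or redeclare each one inside the stage with a bare `ARG WEBTUNNEL_VERSION` (likewise for the other two) before the `RUN` that uses it.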
@@ -18,24 +21,24 @@ RUN apk add --no-cache \ ca-certificates=20240226-r0 \ libcap=2.69-r1 -# Install obfs4proxy -ARG OBFS_VERSION=obfs4proxy-0.0.14 +# Download pluggable-transports sources +WORKDIR /go +RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git \ + && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \ + && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git + +# Build obfs4proxy WORKDIR /go/obfs4 -RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git . \ - && go build -o /usr/local/bin/obfs4proxy ./obfs4proxy +RUN go build -o /usr/local/bin/obfs4proxy ./obfs4proxy -# Install snowflake -ARG SNOWFLAKE_VERSION=v2.9.2 +# Build snowflake WORKDIR /go/snowflake/client -RUN git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git /go/snowflake \ - && go get \ +RUN go get \ && go build -o /usr/local/bin/snowflake -# Install webtunnel client -ARG WEBTUNNEL_VERSION=c6e11b4fc27bb36d38a3dd903aaa1c5deb66ff0b +# Build webtunnel WORKDIR /go/webtunnel/main/client -RUN git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git /go/webtunnel \ - && git reset --hard ${WEBTUNNEL_VERSION} \ +RUN git reset --hard ${WEBTUNNEL_VERSION} \ && go build -ldflags="-s -w" -o /usr/local/bin/webtunnel WORKDIR / From 8f9779a547eac16b5fedecc6f8862c183a5d3369 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 23 May 2024 17:39:12 +0000 Subject: [PATCH 24/34] Docker layers --- tor/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index f113614..956ca8a 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile 
@@ -1,7 +1,4 @@ ARG BUILD_FROM=ghcr.io/hassio-addons/base:15.0.9 -ARG OBFS_VERSION=obfs4proxy-0.0.14 -ARG SNOWFLAKE_VERSION=v2.9.2 -ARG WEBTUNNEL_VERSION=3b6faa48163782c1e5420bcb4b068cd38c401ea7 # hadolint ignore=DL3006 FROM ${BUILD_FROM} @@ -23,6 +20,9 @@ RUN apk add --no-cache \ # Download pluggable-transports sources WORKDIR /go +ARG OBFS_VERSION=obfs4proxy-0.0.14 +ARG SNOWFLAKE_VERSION=v2.9.2 +ARG WEBTUNNEL_VERSION=3b6faa48163782c1e5420bcb4b068cd38c401ea7 RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git \ && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \ && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git From 8de4f8fcdaefeecd07da76621f4c0b57e7372748 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 23 May 2024 17:46:46 +0000 Subject: [PATCH 25/34] Misspelling --- tor/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 956ca8a..6e2dd2a 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -43,7 +43,7 @@ RUN git reset --hard ${WEBTUNNEL_VERSION} \ WORKDIR / -# Give tranposrts clients the capability to bind privileged port. +# Give transports clients the capability to bind privileged port. RUN setcap \ 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy \ 'cap_net_bind_service=+ep' /usr/local/bin/snowflake \ From db3ac52473b0eba6281f9ad7481d2e6b79bf59e8 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 23 May 2024 20:46:23 -0500 Subject: [PATCH 26/34] Remove bridge sources from image --- tor/DOCS.md | 2 +- tor/Dockerfile | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/tor/DOCS.md b/tor/DOCS.md index 98fe761..a88a8a6 100644 --- a/tor/DOCS.md +++ b/tor/DOCS.md 
@@ -153,7 +153,7 @@ If you do not define a hostname or IP adress `homeassistant` will be used. ### Option: `bridges` -> Keep the option value clean to avoid using of any transport plugins and bridges. +> Keep the option value clean to avoid using any transport plugins and bridges. Bridges are Tor relays that help you circumvent censorship. Access to bridges is provided by supported transport plugins: diff --git a/tor/Dockerfile b/tor/Dockerfile index 6e2dd2a..727872e 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -41,7 +41,9 @@ WORKDIR /go/webtunnel/main/client RUN git reset --hard ${WEBTUNNEL_VERSION} \ && go build -ldflags="-s -w" -o /usr/local/bin/webtunnel +# Clean up after build WORKDIR / +RUN rm -rf /go # Give transports clients the capability to bind privileged port. RUN setcap \ From 69a20f804249b440d0555d2d659202b0d340af53 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Fri, 24 May 2024 02:34:30 +0000 Subject: [PATCH 27/34] coderabbitai suggestions --- tor/DOCS.md | 4 ++-- tor/Dockerfile | 5 +---- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/tor/DOCS.md b/tor/DOCS.md index a88a8a6..fc69abe 100644 --- a/tor/DOCS.md +++ b/tor/DOCS.md @@ -153,7 +153,7 @@ If you do not define a hostname or IP adress `homeassistant` will be used. ### Option: `bridges` -> Keep the option value clean to avoid using any transport plugins and bridges. +> Ensure the option value is clear to avoid unintended use of transport plugins and bridges. Bridges are Tor relays that help you circumvent censorship. Access to bridges is provided by supported transport plugins: 
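Review bot: `RUN rm -rf /go` is a separate instruction after the clone and build steps, so it only masks the files in a new layer; the cloned sources remain in the earlier layers and the image does not shrink. The Go toolchain and git installed by the `apk add` step outside this hunk also stay, as does anything Go wrote to module and build caches outside `/go` (by default under the build user's home directory), which leaves a compiler and a VCS client in the runtime image. A multi-stage build fits the stated goal better: open a builder stage with `FROM ${BUILD_FROM} AS transports`, build the three clients there, and bring only the binaries across with `COPY --from=transports /usr/local/bin/obfs4proxy /usr/local/bin/snowflake /usr/local/bin/webtunnel /usr/local/bin/`. Any `setcap` call then belongs in the final stage, since file capabilities may not survive the copy.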
@@ -163,7 +163,7 @@ Access to bridges is provided by supported transport plugins: Because bridge addresses are not public, you will need to request them yourself. You have a few options: - Visit [Tor][tor-bridges-obfs4] project and follow the instructions, or -- Email bridges@torproject.org from a Gmail, or Riseup email address +- Email `bridges@torproject.org` from a Gmail, or Riseup email address - Send a message to @GetBridgesBot on Telegram. Tap on 'Start' or write /start or /bridges in the chat. For example: diff --git a/tor/Dockerfile b/tor/Dockerfile index 727872e..3746a33 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -46,10 +46,7 @@ WORKDIR / RUN rm -rf /go # Give transports clients the capability to bind privileged port. -RUN setcap \ - 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy \ - 'cap_net_bind_service=+ep' /usr/local/bin/snowflake \ - 'cap_net_bind_service=+ep' /usr/local/bin/webtunnel +RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy /usr/local/bin/snowflake /usr/local/bin/webtunnel HEALTHCHECK \ --start-period=60m \ From 035a76008fa3f0d756bca401cd3497128e6df267 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Fri, 24 May 2024 02:41:08 +0000 Subject: [PATCH 28/34] Revert suggestion --- tor/Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 3746a33..d4c8be4 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -46,7 +46,9 @@ WORKDIR / RUN rm -rf /go # Give transports clients the capability to bind privileged port. -RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy /usr/local/bin/snowflake /usr/local/bin/webtunnel +RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy \ + && setcap 'cap_net_bind_service=+ep' /usr/local/bin/snowflake \ + && setcap 'cap_net_bind_service=+ep' /usr/local/bin/webtunnel HEALTHCHECK \ --start-period=60m \ From 2b77e9a1c3aafb269d066bdc9983eadc91a19f76 Mon Sep 17 00:00:00 2001 
From: Renat Gabdulhakov Date: Sun, 7 Jul 2024 21:16:26 -0500 Subject: [PATCH 29/34] Update dependecies --- tor/Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 71c39ce..8a17edc 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -14,10 +14,10 @@ RUN \ coreutils=9.5-r1 \ openssl=3.3.1-r1 \ tor=0.4.8.12-r0 \ - go=1.21.10-r0 \ - git=2.43.4-r0 \ - ca-certificates=20240226-r0 \ - libcap=2.69-r1 + go=1.22.5-r0 \ + git=2.45.2-r1 \ + ca-certificates=20240705-r0 \ + libcap=2.70-r0 # Download pluggable-transports sources WORKDIR /go From c5315931681763f492aca86efc487dd99deb9dd6 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Sun, 7 Jul 2024 21:23:38 -0500 Subject: [PATCH 30/34] Update dependency --- tor/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 8a17edc..a8f521a 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -12,7 +12,7 @@ COPY rootfs / RUN \ apk add --no-cache \ coreutils=9.5-r1 \ - openssl=3.3.1-r1 \ + openssl=3.3.1-r2 \ tor=0.4.8.12-r0 \ go=1.22.5-r0 \ git=2.45.2-r1 \ From 335465eb86d636d4263b86fa0e4414eb0368600a Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Sun, 7 Jul 2024 21:29:12 -0500 Subject: [PATCH 31/34] Update dependincies --- tor/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index a8f521a..954412c 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -12,11 +12,11 @@ COPY rootfs / RUN \ apk add --no-cache \ coreutils=9.5-r1 \ - openssl=3.3.1-r2 \ + openssl=3.3.1-r1 \ tor=0.4.8.12-r0 \ go=1.22.5-r0 \ - git=2.45.2-r1 \ - ca-certificates=20240705-r0 \ + git=2.45.2-r0 \ + ca-certificates=20240226-r0 \ libcap=2.70-r0 # Download pluggable-transports sources From fed695aa4b22ee8a5280cf9e5363ef08298dac07 Mon Sep 17 00:00:00 2001 
From: Renat Gabdulhakov Date: Sun, 7 Jul 2024 21:42:04 -0500 Subject: [PATCH 32/34] Update dependency --- tor/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 954412c..b450150 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -14,7 +14,7 @@ RUN \ coreutils=9.5-r1 \ openssl=3.3.1-r1 \ tor=0.4.8.12-r0 \ - go=1.22.5-r0 \ + go=1.22.4-r0 \ git=2.45.2-r0 \ ca-certificates=20240226-r0 \ libcap=2.70-r0 From 0f955a2495bb1c4db9483f5e823c7f645ec5c6d6 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Fri, 9 Aug 2024 17:37:09 -0500 Subject: [PATCH 33/34] Update dependency packages --- tor/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 64d3fed..c505b64 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -14,9 +14,9 @@ RUN \ coreutils=9.5-r1 \ openssl=3.3.1-r3 \ tor=0.4.8.12-r0 \ - go=1.22.4-r0 \ + go=1.22.5-r0 \ git=2.45.2-r0 \ - ca-certificates=20240226-r0 \ + ca-certificates=20240705-r0 \ libcap=2.70-r0 # Download pluggable-transports sources From 4c2ffe553f6678e9dfc82a19ce062880416ec25b Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Fri, 9 Aug 2024 17:47:41 -0500 Subject: [PATCH 34/34] Update web tunnel version --- tor/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index c505b64..2510ec5 100755 --- a/tor/Dockerfile +++ b/tor/Dockerfile 
@@ -23,7 +23,7 @@ RUN \ WORKDIR /go ARG OBFS_VERSION=obfs4proxy-0.0.14 ARG SNOWFLAKE_VERSION=v2.9.2 -ARG WEBTUNNEL_VERSION=3b6faa48163782c1e5420bcb4b068cd38c401ea7 +ARG WEBTUNNEL_VERSION=e64b1b3562f3ab50d06141ecd513a21ec74fe8c6 RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git \ && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \ && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git