One thing to consider: A few onions are tor+https but most are tor+http.
But I guess that's not an issue because http vs https is declared in the
repository configuration files.
I think this would be a nice feature to have, indeed.
Thank you for your interest in this feature!
However, given that I have zero experience with tor, I would need some help
with the design of such a feature.
Sure thing!
I'm thinking something like this might work:
- If you pass --onion on the command line, or set onion: true in the
configuration file: require a preconfigured .onion URL in the repository
configuration.
Yes. And if unavailable (not declared in the repository configuration),
show a helpful error message and exit non-zero.
--onion should be like an explicit request which should either succeed or
fail closed.
- If you pass --tor-tunnel on the command line, or set tor-tunnel: true in the
configuration file: enable the use of the tor+https configuration, don't use a
.onion URL even if it is known.
Yes.
- If you pass --tor on the command line, or set tor: true in the configuration
file: use a .onion URL if it exists, but fall back to using tor+https if not.
Also very nice. However, the option name is a bit non-ideal. This is
more like an opportunistic, graceful fallback, do the best thing kind of
approach.
For lack of better option name idea, that's more like --tor-auto.
That could be a nice configuration option that users could add to
/etc/extrepo/config.yaml as a set and forget option to always get the
maximum possible use of Tor.
What do you think of this suggestion? Does it make sense?
Yes.
In order to make sure that the data is correct and complete, we would need to
be able to validate .onion URLs in the CI jobs, which involves downloading
repository metadata and making sure it looks sensible. Do you know if it is
possible to reach the tor network from a container?
Yes. I don't see why that wouldn't work. Packages tor and
apt-transport-tor don't have any idiosyncrasies which break it inside
containers. All they require is a usual network connection.
If you want to test onion availability without use of apt-get? In that
case, the torsocks package will help. Use of torsocks is very simple.
Simply prepend it in front of the command you intend to use and the
connection will be torified. Example usage: torsocks curl oniondomain.onion
If so, would you be willing to help me work that out?
Yes.
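
The three modes discussed in this thread, written out as an added example; it is not code from extrepo or from either participant. The repository keys `name`, `url` and `onion_url`, the mode strings and the sample hosts are assumptions made for illustration; the `tor+` scheme prefix is the one apt-transport-tor uses.

```python
from urllib.parse import urlsplit


class TorConfigError(Exception):
    """An explicit Tor request cannot be honoured, so the caller must fail closed."""


def torify(url):
    # Keep http vs https exactly as the repository configuration declares it.
    return url if url.startswith("tor+") else "tor+" + url


def is_onion(url):
    host = urlsplit(url).hostname or ""
    return host.endswith(".onion")


def resolve_uri(repo, mode=None):
    """Return the APT URI for repo under mode: None, 'onion', 'tor-tunnel', 'tor-auto'."""
    clearnet, onion = repo["url"], repo.get("onion_url")
    # Reject bad data early: a clearnet host in onion_url would defeat --onion.
    if onion is not None and not is_onion(onion):
        raise TorConfigError(f"{repo['name']}: onion_url is not a .onion host")
    if mode is None:
        return clearnet
    if mode == "onion":
        # Explicit request: succeed with the onion or refuse, never downgrade.
        if onion is None:
            raise TorConfigError(f"{repo['name']}: no .onion URL declared")
        return torify(onion)
    if mode == "tor-tunnel":
        # Clearnet host reached over Tor, even when an onion is known.
        return torify(clearnet)
    if mode == "tor-auto":
        # Opportunistic: onion when declared, otherwise still go through Tor.
        return torify(onion if onion else clearnet)
    raise TorConfigError(f"unknown mode: {mode}")


# Constructed sample entries; the hosts are placeholders, not real services.
WITH_ONION = {"name": "demo", "url": "https://deb.example.org/debian",
              "onion_url": "http://constructedexampleonly.onion/debian"}
NO_ONION = {"name": "plain", "url": "https://deb.example.org/debian"}
BAD_ONION = {"name": "bad", "url": "https://deb.example.org/debian",
             "onion_url": "https://deb.example.org/debian"}
```

A caller would catch `TorConfigError`, print its message and exit non-zero, which is the fail-closed behaviour asked for above.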