Hi all,
On Fri, Nov 25, 2022 at 02:17:07AM +0000, Yifei Zhan wrote:
> On 22/11/24 10:22PM, Caspar Schutijser wrote:
> > Hi,
> >
> > On Thu, Nov 24, 2022 at 05:27:59PM +0300, u...@disroot.org wrote:
> > > > OK, I think you need to install obfs4proxy and then configure your
> > > > Tor Browser. Here is my configuration in file ~/TorBrowser-Data/torrc:
> > >
> > > > ClientOnionAuthDir ...
> > > > ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy
> > > > DataDirectory ...
> > > > UseBridges 1
> > > > Bridge obfs4 ...
> > > > Bridge obfs4 ...
> > >
> > > Thank you! This works. Though I still wonder why on OpenBSD I need
> > > to know how to configure torrc in order to get my bridges to work,
> > > where on other os's I could just select built-in ones or paste
> > > bridges as normal. Maybe somebody knows why this is the case? Do
> > > maintainers on other os's just do additional configuration for
> > > their users, but OpenBSD sticks to vanilla experience? Or was it a
> > > change to reduce the attack surface for the majority of people who
> > > don't live in a country where Tor is blocked?
> >
>
> (Adding to what Caspar said)
>
> OpenBSD's Tor Browser port is built differently from Linux's, as far as I
> know
> most Linux distros' TBB package is based on Tor Project's prebuilt binary,
> while
> OpenBSD needs to build it from source, and the part of the work for bridge
> integration is still WIP.
>
> >
> > If anyone wants to help, that's appreciated. I saw some configuration
> > snippets in some other emails, that already helps a bit. If anyone has
> > drafts for diffs to Tor Browser, that would help as well.
> > www/tor-browser/browser/files/torrc-defaults seems to be one piece of
> > the puzzle.
>
> I have some WIP diffs which I will send out soon, once I finished some other
> updates.
Looking forward to see what you came up with so that we can compare.
In the meantime, I came up with the following.
The "Select a Built-In Bridge" screen now shows the obfs4, Snowflake
and meek-azure options instead of showing an empty screen. obfs4 is the
only one that works at this moment though. Right now we don't have a
Snowflake client, as far as I know. And as for meek, I tried to make it
work with obfs4proxy as shown in a commented-out line in
www/tor-browser/browser/files/torrc-defaults but that didn't
work even though I saw some configuration snippets which hint at that.
Either way, as long as Snowflake and meek don't work, I should probably
filter them from bridges.js before appending them to 000-tor-browser.js.
Caspar
Index: meta/tor-browser/Makefile
===================================================================
RCS file: /cvs/ports/meta/tor-browser/Makefile,v
retrieving revision 1.62
diff -u -p -r1.62 Makefile
--- meta/tor-browser/Makefile 14 Nov 2022 22:13:58 -0000 1.62
+++ meta/tor-browser/Makefile 25 Nov 2022 11:42:33 -0000
@@ -4,9 +4,10 @@ MAINTAINER= Caspar Schutijser <caspar@sc
PKGNAME= tor-browser-12.0alpha4
ONLY_FOR_ARCHS = amd64
+REVISION= 0
RUN_DEPENDS= www/tor-browser/browser>=12.0alpha4 \
www/tor-browser/noscript>=11.4.11 \
- net/tor>=0.4.7.10
+ net/tor>=0.4.7.11
.include <bsd.port.mk>
Index: meta/tor-browser/pkg/README
===================================================================
RCS file: /cvs/ports/meta/tor-browser/pkg/README,v
retrieving revision 1.9
diff -u -p -r1.9 README
--- meta/tor-browser/pkg/README 9 Mar 2022 20:48:33 -0000 1.9
+++ meta/tor-browser/pkg/README 25 Nov 2022 11:42:33 -0000
@@ -33,10 +33,8 @@ editing your torrc yourself. Make sure
before doing so if you use this method; if Tor Browser is running it
might overwrite your torrc.
-NOTE: The OpenBSD Tor Browser ports do not yet include Pluggable
-Transports (PT). This means that not all features are yet available,
-such as using obfsproxy to get to Tor. A future update will include
-ports for PT components. Pluggable Transports have a web page
+NOTE: on OpenBSD, the only Pluggable Transport (PT) that is available
+for now is obfs4proxy. Pluggable Transports have a web page
worth reading:
https://2019.www.torproject.org/docs/pluggable-transports.html.en
Index: www/tor-browser/browser/Makefile
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/Makefile,v
retrieving revision 1.95
diff -u -p -r1.95 Makefile
--- www/tor-browser/browser/Makefile 15 Nov 2022 08:16:54 -0000 1.95
+++ www/tor-browser/browser/Makefile 25 Nov 2022 11:42:33 -0000
@@ -9,7 +9,7 @@ MOZILLA_VERSION = ${TB_VERSION}
MOZILLA_PROJECT = ${BROWSER_NAME}
MOZILLA_CODENAME = browser
TL_VERSION = 0.2.39
-REVISION = 0
+REVISION = 1
EXTRACT_SUFX = .tar.xz
PATCHORIG = .pat.orig
@@ -77,7 +77,8 @@ MAKE_ENV += BUILD_OPT=1 \
NSS_ENABLE_ECC=1 \
XCFLAGS="-I${LOCALBASE}/include ${CFLAGS}"
-RUN_DEPENDS += net/tor>=0.4.7.10
+RUN_DEPENDS += net/obfs4proxy>=0.0.14 \
+ net/tor>=0.4.7.11
CONFIGURE_ARGS += --enable-release #1386371
CONFIGURE_ARGS += --enable-sandbox
@@ -107,6 +108,9 @@ post-patch:
sed -i 's/#ifdef XP_LINUX/#if defined(XP_LINUX) ||
defined(XP_OPENBSD)/' \
${WRKSRC}/browser/app/profile/000-tor-browser.js
ln -s ${WRKSRC}/mozconfig-linux-x86_64 ${WRKSRC}/.mozconfig
+
+ cat ${WRKSRC}/tools/torbrowser/bridges.js \
+ >>${WRKSRC}/browser/app/profile/000-tor-browser.js
${SUBST_CMD} ${WRKSRC}/xpcom/build/BinaryPath.h
Index: www/tor-browser/browser/files/torrc-defaults
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/files/torrc-defaults,v
retrieving revision 1.1
diff -u -p -r1.1 torrc-defaults
--- www/tor-browser/browser/files/torrc-defaults 13 Feb 2020 07:41:53
-0000 1.1
+++ www/tor-browser/browser/files/torrc-defaults 25 Nov 2022 11:42:33
-0000
@@ -20,7 +20,9 @@ GeoIPv6File ${LOCALBASE}/share/tor/geoip
#ClientTransportPlugin fte exec fteproxy --managed
## obfs4proxy configuration
-#ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec obfs4proxy
+# XXX isn't meek_lite also supposed to work with obfs4proxy?
+#ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec
/usr/local/bin/obfs4proxy
+ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec
/usr/local/bin/obfs4proxy
## flash proxy configuration
#
