Make a deb of snowflake (proxy and client) and get into Debian
aka
apt-get install snowflake
Speaking for Whonix, this would be very useful. Perhaps for Tails as well, but I am not speaking for them.
(Similar to legacy/trac#13160 (moved).)
Designs
Activity
legacy/trac#23742 (moved) is a duplicate.
Replying to cypherpunks:
legacy/trac#23742 (moved) is a duplicate.
Note there are two things we might mean here: one is to get the snowflake code into a deb, so I can volunteer my server to be a snowflake, and the other is to get snowflake-client into a deb, so client-side approaches other than Tor Browser can integrate it more easily. Both are worth doing for various reasons, but let's be careful of forgetting whichever one you weren't thinking of. :)
Now that I'm digging into building libwebrtc, I have to say that building a Debian package of Snowflake based on the Chromium libwebrtc will be a ton of work. The libwebrtc build system is vast and insane. It literally downloads Debian stretch images for both i386 and amd64 as part of the process:
________ running '/usr/bin/python src/build/linux/sysroot_scripts/install-sysroot.py --running-as-hook' in '/go/src/github.com/keroserene/go-webrtc/third_party/webrtc' Installing Debian Stretch amd64 root image: /go/src/github.com/keroserene/go-webrtc/third_party/webrtc/src/build/linux/debian_stretch_amd64-sysroot Downloading https://commondatastorage.googleapis.com/chrome-linux-sysroot/toolchain/2202c161310ffde63729f29d27fe7bb24a0bc540/debian_stretch_amd64_sysroot.tar.xzsee the full build log here: https://gitlab.com/eighthave/snowflake/-/jobs/112538917
I think we need to consider alternate implementations of webrtc in order to make snowflake able to be included in Debian and other distros. There is a Go implementation that uses DTLS from openssl.
-
Trac:
Cc: whonix-devel@whonix.org to whonix-devel@whonix.org, eighthave -
FYI, I set up a GitLab CI project to run gitlab-ci pipelines for the canonical repo (https://git.torproject.org/pluggable-transports/snowflake.git). That will happily run in parallel with the TravisCI stuff that's there. Since Travis doesn't let you run arbitrary docker images, it is more limited in what you can do with it. My upcoming .gitlab-ci.yml update (see legacy/trac#28205 (moved) for dev history), includes running the builds and tests against various versions of Go/Debian/Ubuntu. That should help smooth packaging and deployment.
You can see that here: https://gitlab.com/torproject/snowflake/pipelines
-
I made a simple binary package to start testing this easily. Once https://github.com/keroserene/snowflake/pull/43 is merged, then the packages will be available in this apt repo: https://torproject.gitlab.io/snowflake/. Any fork of that in gitlab.com will automatically get their own apt repo, for example, here is my fork: https://eighthave.gitlab.io/snowflake/
-
Since this stuff was fresh in my brain, I rebased @infinity0's 2016 work on top of my Android pull request: https://github.com/eighthave/go-webrtc/tree/build-from-scratch
And threw it in a gitlab-ci job running in Debian/testing: https://gitlab.com/eighthave/go-webrtc/-/jobs/124653582
Seems the git repos have been rearranged, so the script needs an update.
Trac:
Cc: whonix-devel@whonix.org, eighthave to whonix-devel@whonix.org, eighthave, cohosh-
It would be nice to make some progress on this. Seems like we'd want two packages:
- a snowflake client so that other tools can more easily integrate Snowflake into their stuff
- a standalone proxy go instance so more people can run them and get automatic updates (legacy/trac#32677 (moved))
From what I can tell, libwebrtc was a blocker on this before. Since legacy/trac#28942 (moved) we've moved to a pure go implementation of WebRTC that is all open source.
-
I've been looking into this a bit, and using the obfs4proxy package as a starting point.
From what I can tell, the proper way to go about making debian packages of go applications is to also ensure that all of the go libraries the application depends on (those in
go.mod) are also debian packages. See this resource for info on making Go packages. This seems to be true for the obfs4proxy dependencies, but Snowflake has a much larger chain of dependencies at the moment. I don't think we'd need everything ingo.sum, but probably most of them.Maybe there's a way to package it with some of the dependencies (using
go mod vendor)? Trac:
Cc: whonix-devel@whonix.org, eighthave, cohosh to whonix-devel@whonix.org, eighthave, cohosh, catalyst-
I think the traditional debian approach is to actually, yes, make a deb for each go lib. And then you will pull in all eighteen-or-whatever go lib debs when you install your snowflake deb.
We can't be the only group in Debian considering packaging a go thing that pulls in a bunch of dependencies. We should figure out who in Debian is maintaining the go lib debs, and see what their plans are. Maybe there is already a critical mass somewhere of people who want to package and maintain go libs.
I bet anarcat or weasel or the Tails devs can help us find the right Go person inside Debian.
-
Replying to cohosh:
- a standalone proxy go instance so more people can run them
One of the awesome things about a snowflake deb (i.e. a deb that lets people become snowflakes) would be that you just install the deb and it magically works from there -- no editing text files, no opening ports, no installing tor, etc. Basically all the features of having a Snowflake browser extension, but now also in the (headless) deb package world.