Package for architecture armhf (e.g. for raspberry pi)
Summary
The version of tor being made available to raspbian (e.g. on a raspberry pi 4) is 0.4.2.7-1~d10.buster+1. This appears to be a sufficiently old version to get the "not recommended" flag.
First saw the issue reported on reddit and was able to repro on my rpi4.
It looks like the raspberry pi's are architecture "armhf", which isn't provided at https://deb.torproject.org/torproject.org. (I realized this partway through writing this up, and that this is hence probably more of a feature request than a bug)
Steps to reproduce:
Install repo key
$ sudo /bin/bash
root@raspberrypi:/home/jnewsome# wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import
gpg: key EE8CBC9E886DDD89: 83 signatures not checked due to missing keys
gpg: key EE8CBC9E886DDD89: "deb.torproject.org archive signing key" 52 new signatures
gpg: Total number processed: 1
gpg: new signatures: 52
gpg: no ultimately trusted keys found
root@raspberrypi:/home/jnewsome# gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
OK
Update repo
jnewsome@raspberrypi:~ $ sudo apt update
Hit:1 http://archive.raspberrypi.org/debian buster InRelease
Hit:2 http://raspbian.raspberrypi.org/raspbian buster InRelease
Get:3 https://deb.torproject.org/torproject.org buster InRelease [3,524 B]
Get:4 https://deb.torproject.org/torproject.org buster/main Sources [1,250 B]
Fetched 4,774 B in 2s (1,933 B/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
271 packages can be upgraded. Run 'apt list --upgradable' to see them.
N: Skipping acquire of configured file 'main/binary-armhf/Packages' as repository 'https://deb.torproject.org/torproject.org buster InRelease' doesn't support architecture 'armhf'
^ this last line looks like the problem.
Try installing/updating anyway for good measure:
jnewsome@raspberrypi:~ $ apt show tor
Package: tor
Version: 0.4.2.7-1~d10.buster+1
Status: install ok installed
Priority: optional
Section: net
Maintainer: Peter Palfrader <weasel@debian.org>
Installed-Size: 4,217 kB
Depends: libc6 (>= 2.28), libcap2 (>= 1:2.10), libevent-2.1-6 (>= 2.1.8-stable), libgcc1 (>= 1:3.5), liblzma5 (>= 5.1.1alpha+20120614), libssl1.1 (>= 1.1.1), libsystemd0, libzstd1 (>= 1.3.2), zlib1g (>= 1:1.1.4), adduser, lsb-base
Recommends: logrotate, tor-geoipdb, torsocks
Suggests: mixmaster, torbrowser-launcher, socat, tor-arm, apparmor-utils, obfs4proxy
Conflicts: libssl0.9.8 (<< 0.9.8g-9)
Homepage: https://www.torproject.org/
Download-Size: unknown
APT-Manual-Installed: yes
APT-Sources: /var/lib/dpkg/status
Description: anonymizing overlay network for TCP
Tor is a connection-based low-latency anonymous communication system.
.
Clients choose a source-routed path through a set of relays, and
negotiate a "virtual circuit" through the network, in which each relay
knows its predecessor and successor, but no others. Traffic flowing
down the circuit is decrypted at each relay, which reveals the
downstream relay.
.
Basically, Tor provides a distributed network of relays. Users bounce
their TCP streams (web traffic, ftp, ssh, etc) around the relays, and
recipients, observers, and even the relays themselves have difficulty
learning which users connected to which destinations.
.
This package enables only a Tor client by default, but it can also be
configured as a relay and/or a hidden service easily.
.
Client applications can use the Tor network by connecting to the local
socks proxy interface provided by your Tor instance. If the application
itself does not come with socks support, you can use a socks client
such as torsocks.
.
Note that Tor does no protocol cleaning on application traffic. There
is a danger that application protocols and associated programs can be
induced to reveal information about the user. Tor depends on Torbutton
and similar protocol cleaners to solve this problem. For best
protection when web surfing, the Tor Project recommends that you use
the Tor Browser Bundle, a standalone tarball that includes static
builds of Tor, Torbutton, and a modified Firefox that is patched to fix
a variety of privacy bugs.
N: There is 1 additional record. Please use the '-a' switch to see it
jnewsome@raspberrypi:~ $ sudo apt install tor
Reading package lists... Done
Building dependency tree
Reading state information... Done
tor is already the newest version (0.4.2.7-1~d10.buster+1).
The following packages were automatically installed and are no longer required:
alsa-base gstreamer0.10-alsa gstreamer0.10-plugins-base libgstreamer-plugins-base0.10-0
libgstreamer0.10-0 libllvm8 libmicrodns0 libva-wayland2 libxfce4util-bin
libxfce4util-common libxfce4util7 libxfconf-0-2 pimixer point-rpi xfconf
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 271 not upgraded.
What is the current bug behavior?
0.4.2.7 appears to be the newest-available version.
What is the expected behavior?
It should be the latest production version. It looks like buster on arm64 is currently getting 0.4.5.7, but maybe this isn't the package list that raspbian ends up getting?
Environment
- Which version of Tor are you using? Run
tor --version
to get the version if you are unsure.
0.4.2.7
- Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.
$ lsb_release --all
No LSB modules are available.
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 10 (buster)
Release: 10
Codename: buster
$ uname -a
Linux raspberrypi 4.19.97-v7l+ #1294 SMP Thu Jan 30 13:21:14 GMT 2020 armv7l GNU/Linux
- Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.
apt