Package for architecture armhf (e.g. for raspberry pi)
The version of tor being made available to raspbian (e.g. on a raspberry pi 4) is 0.4.2.7-1~d10.buster+1. This appears to be a sufficiently old version to get the "not recommended" flag.
First saw the issue reported on reddit and was able to repro on my rpi4.
It looks like the raspberry pi's are architecture "armhf", which isn't provided at https://deb.torproject.org/torproject.org. (I realized this partway through writing this up, and that this is hence probably more of a feature request than a bug)
Steps to reproduce:
Install repo key
$ sudo /bin/bash root@raspberrypi:/home/jnewsome# wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import gpg: key EE8CBC9E886DDD89: 83 signatures not checked due to missing keys gpg: key EE8CBC9E886DDD89: "deb.torproject.org archive signing key" 52 new signatures gpg: Total number processed: 1 gpg: new signatures: 52 gpg: no ultimately trusted keys found root@raspberrypi:/home/jnewsome# gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - OK
jnewsome@raspberrypi:~ $ sudo apt update Hit:1 http://archive.raspberrypi.org/debian buster InRelease Hit:2 http://raspbian.raspberrypi.org/raspbian buster InRelease Get:3 https://deb.torproject.org/torproject.org buster InRelease [3,524 B] Get:4 https://deb.torproject.org/torproject.org buster/main Sources [1,250 B] Fetched 4,774 B in 2s (1,933 B/s) Reading package lists... Done Building dependency tree Reading state information... Done 271 packages can be upgraded. Run 'apt list --upgradable' to see them. N: Skipping acquire of configured file 'main/binary-armhf/Packages' as repository 'https://deb.torproject.org/torproject.org buster InRelease' doesn't support architecture 'armhf'
^ this last line looks like the problem.
Try installing/updating anyway for good measure:
jnewsome@raspberrypi:~ $ apt show tor Package: tor Version: 0.4.2.7-1~d10.buster+1 Status: install ok installed Priority: optional Section: net Maintainer: Peter Palfrader <email@example.com> Installed-Size: 4,217 kB Depends: libc6 (>= 2.28), libcap2 (>= 1:2.10), libevent-2.1-6 (>= 2.1.8-stable), libgcc1 (>= 1:3.5), liblzma5 (>= 5.1.1alpha+20120614), libssl1.1 (>= 1.1.1), libsystemd0, libzstd1 (>= 1.3.2), zlib1g (>= 1:1.1.4), adduser, lsb-base Recommends: logrotate, tor-geoipdb, torsocks Suggests: mixmaster, torbrowser-launcher, socat, tor-arm, apparmor-utils, obfs4proxy Conflicts: libssl0.9.8 (<< 0.9.8g-9) Homepage: https://www.torproject.org/ Download-Size: unknown APT-Manual-Installed: yes APT-Sources: /var/lib/dpkg/status Description: anonymizing overlay network for TCP Tor is a connection-based low-latency anonymous communication system. . Clients choose a source-routed path through a set of relays, and negotiate a "virtual circuit" through the network, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the circuit is decrypted at each relay, which reveals the downstream relay. . Basically, Tor provides a distributed network of relays. Users bounce their TCP streams (web traffic, ftp, ssh, etc) around the relays, and recipients, observers, and even the relays themselves have difficulty learning which users connected to which destinations. . This package enables only a Tor client by default, but it can also be configured as a relay and/or a hidden service easily. . Client applications can use the Tor network by connecting to the local socks proxy interface provided by your Tor instance. If the application itself does not come with socks support, you can use a socks client such as torsocks. . Note that Tor does no protocol cleaning on application traffic. There is a danger that application protocols and associated programs can be induced to reveal information about the user. Tor depends on Torbutton and similar protocol cleaners to solve this problem. For best protection when web surfing, the Tor Project recommends that you use the Tor Browser Bundle, a standalone tarball that includes static builds of Tor, Torbutton, and a modified Firefox that is patched to fix a variety of privacy bugs. N: There is 1 additional record. Please use the '-a' switch to see it jnewsome@raspberrypi:~ $ sudo apt install tor Reading package lists... Done Building dependency tree Reading state information... Done tor is already the newest version (0.4.2.7-1~d10.buster+1). The following packages were automatically installed and are no longer required: alsa-base gstreamer0.10-alsa gstreamer0.10-plugins-base libgstreamer-plugins-base0.10-0 libgstreamer0.10-0 libllvm8 libmicrodns0 libva-wayland2 libxfce4util-bin libxfce4util-common libxfce4util7 libxfconf-0-2 pimixer point-rpi xfconf Use 'sudo apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 271 not upgraded.
What is the current bug behavior?
0.4.2.7 appears to be the newest-available version.
What is the expected behavior?
It should be the latest production version. It looks like buster on arm64 is currently getting 0.4.5.7, but maybe this isn't the package list that raspbian ends up getting?
- Which version of Tor are you using? Run
tor --versionto get the version if you are unsure.
- Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.
$ lsb_release --all No LSB modules are available. Distributor ID: Raspbian Description: Raspbian GNU/Linux 10 (buster) Release: 10 Codename: buster $ uname -a Linux raspberrypi 4.19.97-v7l+ #1294 SMP Thu Jan 30 13:21:14 GMT 2020 armv7l GNU/Linux
- Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.