Skip to content

Package for architecture armhf (e.g. for raspberry pi)

Summary

The version of tor being made available to raspbian (e.g. on a raspberry pi 4) is 0.4.2.7-1~d10.buster+1. This appears to be a sufficiently old version to get the "not recommended" flag.

First saw the issue reported on reddit and was able to repro on my rpi4.

It looks like the raspberry pi's are architecture "armhf", which isn't provided at https://deb.torproject.org/torproject.org. (I realized this partway through writing this up, and that this is hence probably more of a feature request than a bug)

Steps to reproduce:

Install repo key

$ sudo /bin/bash

root@raspberrypi:/home/jnewsome# wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import
gpg: key EE8CBC9E886DDD89: 83 signatures not checked due to missing keys
gpg: key EE8CBC9E886DDD89: "deb.torproject.org archive signing key" 52 new signatures
gpg: Total number processed: 1
gpg:         new signatures: 52
gpg: no ultimately trusted keys found

root@raspberrypi:/home/jnewsome# gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
OK

Update repo

jnewsome@raspberrypi:~ $ sudo apt update
Hit:1 http://archive.raspberrypi.org/debian buster InRelease
Hit:2 http://raspbian.raspberrypi.org/raspbian buster InRelease
Get:3 https://deb.torproject.org/torproject.org buster InRelease [3,524 B] 
Get:4 https://deb.torproject.org/torproject.org buster/main Sources [1,250 B]
Fetched 4,774 B in 2s (1,933 B/s)   
Reading package lists... Done
Building dependency tree       
Reading state information... Done
271 packages can be upgraded. Run 'apt list --upgradable' to see them.
N: Skipping acquire of configured file 'main/binary-armhf/Packages' as repository 'https://deb.torproject.org/torproject.org buster InRelease' doesn't support architecture 'armhf'

^ this last line looks like the problem.

Try installing/updating anyway for good measure:

jnewsome@raspberrypi:~ $ apt show tor
Package: tor
Version: 0.4.2.7-1~d10.buster+1
Status: install ok installed
Priority: optional
Section: net
Maintainer: Peter Palfrader <weasel@debian.org>
Installed-Size: 4,217 kB
Depends: libc6 (>= 2.28), libcap2 (>= 1:2.10), libevent-2.1-6 (>= 2.1.8-stable), libgcc1 (>= 1:3.5), liblzma5 (>= 5.1.1alpha+20120614), libssl1.1 (>= 1.1.1), libsystemd0, libzstd1 (>= 1.3.2), zlib1g (>= 1:1.1.4), adduser, lsb-base
Recommends: logrotate, tor-geoipdb, torsocks
Suggests: mixmaster, torbrowser-launcher, socat, tor-arm, apparmor-utils, obfs4proxy
Conflicts: libssl0.9.8 (<< 0.9.8g-9)
Homepage: https://www.torproject.org/
Download-Size: unknown
APT-Manual-Installed: yes
APT-Sources: /var/lib/dpkg/status
Description: anonymizing overlay network for TCP
 Tor is a connection-based low-latency anonymous communication system.
 .
 Clients choose a source-routed path through a set of relays, and
 negotiate a "virtual circuit" through the network, in which each relay
 knows its predecessor and successor, but no others. Traffic flowing
 down the circuit is decrypted at each relay, which reveals the
 downstream relay.
 .
 Basically, Tor provides a distributed network of relays. Users bounce
 their TCP streams (web traffic, ftp, ssh, etc) around the relays, and
 recipients, observers, and even the relays themselves have difficulty
 learning which users connected to which destinations.
 .
 This package enables only a Tor client by default, but it can also be
 configured as a relay and/or a hidden service easily.
 .
 Client applications can use the Tor network by connecting to the local
 socks proxy interface provided by your Tor instance. If the application
 itself does not come with socks support, you can use a socks client
 such as torsocks.
 .
 Note that Tor does no protocol cleaning on application traffic. There
 is a danger that application protocols and associated programs can be
 induced to reveal information about the user. Tor depends on Torbutton
 and similar protocol cleaners to solve this problem. For best
 protection when web surfing, the Tor Project recommends that you use
 the Tor Browser Bundle, a standalone tarball that includes static
 builds of Tor, Torbutton, and a modified Firefox that is patched to fix
 a variety of privacy bugs.

N: There is 1 additional record. Please use the '-a' switch to see it

jnewsome@raspberrypi:~ $ sudo apt install tor
Reading package lists... Done
Building dependency tree       
Reading state information... Done
tor is already the newest version (0.4.2.7-1~d10.buster+1).
The following packages were automatically installed and are no longer required:
  alsa-base gstreamer0.10-alsa gstreamer0.10-plugins-base libgstreamer-plugins-base0.10-0
  libgstreamer0.10-0 libllvm8 libmicrodns0 libva-wayland2 libxfce4util-bin
  libxfce4util-common libxfce4util7 libxfconf-0-2 pimixer point-rpi xfconf
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 271 not upgraded.

What is the current bug behavior?

0.4.2.7 appears to be the newest-available version.

What is the expected behavior?

It should be the latest production version. It looks like buster on arm64 is currently getting 0.4.5.7, but maybe this isn't the package list that raspbian ends up getting?

Environment

  • Which version of Tor are you using? Run tor --version to get the version if you are unsure.

0.4.2.7

  • Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.
$ lsb_release --all
No LSB modules are available.
Distributor ID:	Raspbian
Description:	Raspbian GNU/Linux 10 (buster)
Release:	10
Codename:	buster

$ uname -a
Linux raspberrypi 4.19.97-v7l+ #1294 SMP Thu Jan 30 13:21:14 GMT 2020 armv7l GNU/Linux
  • Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.

apt

Relevant logs and/or screenshots

Possible fixes

Edited by Jim Newsome
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information