Tor Standalone for TazPup (Some notes on compiling)

Configuration wizards, scanners, remote desktop, etc.
Post Reply
Message
Author
s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

Tor Standalone for TazPup (Some notes on compiling)

#1 Post by s243a »

Downloads
tor-0.3.4.8-i686.tgz
tor-0.3.4.8-i686.tgz.tazpkg
**Note, I created the user and group tor on my system both with the id "220"

Part 1 - Building a Stand Alone Version of Tor with Slackbuild Scripts for TazPup

I decided to make this it's own thread because I wanted to give some background on a few topics. This is relevant to puppy in general but I'm focussing on TazPup.

some observations
1. The tor website only offers the browser bundle of tor,
2. distribution specific versions of Tor might be tightly integrated with the linux distribution, which may cause problems with puppy and;
3. by compiling a distribution specific version of a package, it will be better integrated with the package manager (in terms of finding dependencies).

The distribution I'm focusing on is TazPup and I chose to use the slackbuild scripts as the starting point to build Tor.

The reason, that I chose the slackbuild scripts is that they are easy to modify and tend not to have distribution specific quirks to them, Slackware is known for simplicity where in contrast I find the Debian package management system very complex and fragile.

The kernal sources are required to build Tor because the header file limits.h is imported in the c code. The dependence on the kernal sources is probably pretty lose but I'm told the kernal sources that I used in my build are compatable with TazPup.

To get your kernal version type:

Code: Select all

uname -a
Ideally one wants the same kernel sources used to build the kernel, when building a package for a given distribution, however, since Tor is fairly portable between distributions the parts of the kernel source it depends on are likely similar in most Linux distributions therefore something close will likely do in this case.

I ran the configure scripts prior to even trying the slackbuild scripts. One might want to do this because the slackbuild scripts often re-do a lot of tasks each time (e.g. extracting files to a temporary folder). and this could slow down the troubleshooting process.

After mouting the sfs file containing the kernal sources I searched for limits.h

Code: Select all

sh-4.4# find /usr/src -name 'limits.h'
/usr/src/linux/arch/arm/include/asm/limits.h
/usr/src/linux/include/uapi/linux/limits.h
/usr/src/linux/usr/include/linux/limits.h
The include statement the threw the error in the C pre processor (aka cpp) was of the form "linux/limits.h" and therefore from this I concluded that I should add the last path (i.e. /usr/src/linux/usr/include/l) to the cpp flags, which is done as follows:

Code: Select all

export CPPFLAGS="-I/usr/include -I/usr/src/linux/usr/include"
after executing the above statement I ran the slackbuild script:

Code: Select all

cd /home/tux/Downloads/tor.tar.gz.extracted/tor
./tor.slackbuild
Note that the tor sourcecode has to be in the same directory as a slackbuild script. I got my sourcecode from the tor website but the slackbuild scripts have a link for the specific version of the sourcecode used for a particular version of slackware.

If you use a different version of the sourcecode then one must modify the slackbuild script to point to the correct version of the source code.

In my case I simply had to modify the line containing the following code:

Code: Select all

VERSION=${VERSION:-0.3.4.8}
to have 0.3.4.8 as the version. This variable is used for both building the package name and constructing the path to the source code.

When using slackbuild scripts I have at times tried to be fancy and modify the script to cover all specifics to changing the distribution but a quick an dirty thing to do instead is just comment the few lines at the end where the package is built:

Code: Select all

#mkdir -p $PKG/install
#cat $CWD/slack-desc > $PKG/install/slack-desc
#cat $CWD/doinst.sh > $PKG/install/doinst.sh
#
#cd $PKG
#/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
this avoids potential problems with getting path names correct. When the script is run it will create two folders:

Code: Select all

/tmp/SBo/package-tor
/tmp/SBo/tor-0.3.4.8
the first is the package being built and the second is the working directory for the build process.

Now if you look at the lines that I commented out we see two distribution specific items. The first is the information about the package "slack-desc" and the second is the post install script. In some distributions (e.g. debian) these can be quite complicated and I thought rather than trying to figure out how to create these from scratch on TazPup, I would use the conversion tools that are built into tazpkg.

After doing some googling I found out that a slackware package is simply a tar archive compressed with gunzip. If you want to extract a tazpackage you can change the .tgz to .tar.gz extension and use a tool (e.g. uextract) to extract the tar archive. Actually it isn't really necessary to change the extension but the .tgz file extention might not be set up to be associated with uextract, and changing the extension is faster than setting up uextract to open .tgz files.

Anyway, one can see that I shouldn't have commented out the lines:

Code: Select all

#mkdir -p $PKG/install
#cat $CWD/slack-desc > $PKG/install/slack-desc
#cat $CWD/doinst.sh > $PKG/install/doinst.sh
but one can instead of relying on the script manually create the directory and copy these two files over. Once this is done one can create the archive as follows:

Code: Select all

cd /tmp/SBo/package-tor
tar -cvzf /home/tux/tor-0.3.4.8-i686.tgz ./* 
Now to convert it to a package for tazpup one can either right click on it and select "package tools" or alternatively from the command line they can type:

Code: Select all

tazpkg convert /home/tux/tor-0.3.4.8-i686.tgz
Once the package is converted one can either double click on it to install it or from the command line type

Code: Select all

tazpkg install /home/tux/tor-0.3.4.8-i686.tazpkg
Note I will upload the resulting packages shortly and modify this post with the link.
Last edited by s243a on Fri 14 Sep 2018, 08:20, edited 2 times in total.

s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

#2 Post by s243a »

Part II Starting Tor and Testing it Out

To test the package I wanted to see if I could load any onion sites in the browser. My preferred browser on TazPup is iron-linux because it is both a fast and highly cable browser. It is based on chrome.

For firefox, my prefered way to connect to tor is with foxyproxy but I wasn't sure what a good chrome alternative was and I read that one could do something similar with privoxy without needing to install a browser extension. I thought that this would be a good opportunity to try out privoxy and see what capabilities that it has.

I installed privoxy from the TazPup package manager. Privoxy can be started as follows:

Code: Select all

cd /etc/init/d
./privoxy start
and tor can be started as follows:

Code: Select all

cd /etc/rc.d
./rc.tor start
However, to forward onion addresses to tor one should add the following:

Code: Select all

forward-socks5t .onion localhost:9050 .

and they my also which to add:

Code: Select all

forward .i2p 127.0.0.1:4444 .
in case they want to do the same thing for i2p. Now for chrome based browsers one is supposed to be able to do the following:

Code: Select all

iron --proxy-server="localhost:8118" --dns-prefetch-disable
but unfortunately this didn't work for me with the iron-linux browser on TazPup. However, archiwiki suggests that this should work for chormium.

There are a few variants of this command line switch. For instance one can specify the protocol e.g. "socks5:localhost:1234" but none of them worked with iron-linux. A complete list of command line switches can be found here and here.

Some notes:

1. I don't believe that onion addresses are typically associated with an ip address unless someone is doing some kind of hack with onioncat.
2. I think that the --dns-prefetch-disable is what keeps a failed dns request from preventing the .onion url from loading.
3. If one wants to simply use tor as a proxy to the internet rather then using onion addresses they my want to use other options to catch dns leaks (e.g. /etc/resolv.conf, bind, dnsmasq or tor's Transparent Proxy (uses iptables).

Anway, since foxyproxy has proven to be reliable for me in the past I decided to install the lastest firefox available via the tazpup package manager. Firefox is a much more resource intensive then the version of iron-linux that is avaiable via the tazpup package manager.

I was able to get foxyproxy to forward onion addresses to privoxy. This is a bit redundant but I don't know enough to say that it is without merit. However, if one decides to do this (perhaps only for testing), to configure privoxy in foxy proxy, set:
Proxy Type = HTTP
and just use "*" as the pattern because in this case privoxy will be doing the filtering instead of foxyproxy.

To configure Tor in foxyproxy set:
Proxy Type = SOCKS5
ip address = 127.0.0.1
Port = 9050

one can look in /etc/tor/torrc to verify this is the correct SOCKS5 port, but 9050 is the default SOCKS5 port if it isn't set in torrc.

Note that if we are using foxproxy to forward trafic to tor we don't need privoxy and one can use firefox's built-in proxy tools instead of using foxyproxy if we prefer. However, if one is using foxyproxy it is quicker to disable the proxy if for some reason someone wants to temporarily sutdown tor.

Also note that the Tor browser bundle supposedly has better security than the stand version of Tor both due to browser configuration settings and using separate tor circuits for each http request. This however, means that the Tor browser is slower than using the stand-alone version of Tor. If one is using a darkenet more for free speech reasons than privacy then the speed gained from the stand alone version of tor is probably preferred over the tor browser bundle.
Last edited by s243a on Thu 13 Sep 2018, 17:38, edited 1 time in total.

s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

#3 Post by s243a »

Part III Some Test Onion Addresses

The onion address that I recommend most for testing Tor is the duckduckgo onion address.

https://3g2upl4pq6kufc4m.onion/

the reason being is that it has the backing of a major company. Without sufficient resources behind an onion site on average they may not last long, because someone has to maintain the servers and the servers are often attacked via the Tor network by hackers. Also if the site is on the radar of LEA then it may get siezed.

I found a larger list of onionsites on pastebin but I'll let people search for it. I didn't go through or test the links that I fond on this pastbin page.

Some notes on Other Darknets
Note that because freenet doesn't rely on people running servers to host the content on freenet, it is much more stable than tor onion sites but tor is faster and lighter weight. Also the more paranoid people perfer i2p over tor because of the number of Tor nodes that the US government has. Also attacking the i2p network is supposed to make it stronger. However, I find i2p even less reliable than tor. If someone is looking for a fast lightweight alternative to freenet, I suggest zeronet. The security/privacy of zeronet isn't as good as freenet but should be sufficient for most peoples needs.

s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48
Contact:

#4 Post by s243a »

Part IV - Using Zeronet with Tor
How to make ZeroNet work with Tor under Linux?

edit:
/etc/tor/torrc
Remove the # character from lines ControlPort 9051 and CookieAuthentication 1 (line ~57)

Also add the following below this line:

Code: Select all

DataDirectoryGroupReadable 1
CookieAuthFileGroupReadable 1
ExtORPortCookieAuthFileGroupReadable 1
CacheDirectoryGroupReadable 1
CookieAuthFile /var/lib/tor/control_auth_cookie
**This wasn't mentioned in the zeronet FAQ. I found it here

/etc/rc.d/tor restart
Add permission yourself to read the auth cookie by addgroup tux tor

check the file's user group by ls -al /var/run/tor/control.authcookie)

Code: Select all

ls -al /var/lib/tor/control_auth_cookie

Logout/Login with your user to apply group changes


....

ZeroNet does not include Tor pluggable transports yet. The easiest way to make Tor work in a censored network is to start the Tor browser, configure it to connect to the Tor network with working pluggable transports, and modify ZeroNet's config to use Tor browser's proxy and control port by starting ZeroNet with --tor_controller 127.0.0.1:9151 --tor_proxy 127.0.0.1:9150 or by adding these parameters to zeronet.conf

[global]
tor_controller = 127.0.0.1:9151
tor_proxy = 127.0.0.1:9150

Can I use the same username on multiple machine?

Modified instructions for my TazPub varient of the Tor Slackbuild. Original document was:
https://zeronet.readthedocs.io/en/lates ... nder-linux

and differs slightly since it is tailored towards debian. Note also that the above instructions use the addgroup command instead of usermod, since Slitaz/TazPup doesn't come with the usermod command.

Post Reply