Request 674 (accepted)
Tor is a connection-based low-latency anonymous communication system. Clients choose a source-routed path through a set of relays, and negotiate a "virtual circuit" through the network, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the circuit is decry [+]
- Created by nielnielsen over 9 years ago
- In state accepted
Submit package home:nielnielsen / tor to package sailfishos:chum:1.0.8.19:testing / tor
The diff call for /source/sailfishos:chum:1.0.8.19:testing/tor?cmd=diff&orev=d41d8cd98f00b204e9800998ecf8427e&rev=c04ff6a809b68b5f16b909ab174e16de&view=xml&withissues=1 failed: project 'sailfishos:chum:1.0.8.19:testing' does not exist
Comments for request 674 (6)
There's nothing to be done right now
Request History
nielnielsen | created request | 1407502125 over 9 years ago |
Tor is a connection-based low-latency anonymous [+] |
||
tbr | Request got accepted | 1407752051 over 9 years ago |
Current state of packaging is a severe security [+] |
Thanks for submitting this! I'm sure many users are interested in having TOR on their Sailfish devices.
As it is really important in this case that everything is right and no mistakes happen, I'll be inviting more people to review this. Also as the package contains non-upstream files AND some files seem to be run as root.
JFTR: Basic checkup is OK: Tarball is identical to upstream and GPG signature is fine.
After some further basic review I have strong reservations about the current state of packaging and will be forced to reject this SR. Please resubmit after addressing the following items: - It looks like the packaging tries to establish a general root backdoor on the device (suid root 'runasroot'), not acceptable! - The 'runasroot' binary comes without sources and can not be evaluated, not acceptable. (Irrelevant due to above, but still a general point, don't include random binaries.) - Operating as root on the nemo home directory, why?
By accident accepted the request, so proceeded to delete the package. At that time I noticed that it doesn't seem to build properly, maybe a missing devel package dependency.
You need libevent to finish build
Unfortunately root is needed to allow tor to access network with enough proviledges. This cant be changed easily. A work-around, is the runasroot binary which basically does nothing but allowing to run tor with enough priviledges. This way, tor itself will not need proviledges, but instead will be allowed by being opened from runasroot. Yes, this is not perfect, but as-is it cant be resolved in any other way. At least to my knowledge. So, basically, tor is run similar to a user issuing 'sudo tor".
Another thing. As I want to enable changing the tor icon to show the state of tor (running=green onion / stopped=red onion) I also need escalated proviledges in order to change the desktop icon.
Lastly, sailfishos as-is doesnt implement (socks)proxy that is working in the network settings. Thus, root is needed in order to change to proxy settings for sailfish-browser.
I understand if this cannot be accepted, and thus I will keep it on my opemrepos, as well as my account here.
Cheers
Oh! And You are right, users do enjoy this package. So, lets hope Jolla finds a way to allow nemo to access necessary files/folders without explicitly needing root.
source for the runasroot is quite simple:
include