{"id":224,"date":"2015-12-16T03:15:27","date_gmt":"2015-12-16T03:15:27","guid":{"rendered":"http:\/\/blogs.gentoo.org\/blueness\/?p=224"},"modified":"2016-03-31T00:39:35","modified_gmt":"2016-03-31T00:39:35","slug":"tor-ramdisk-20151215-released-libressl-to-the-rescue","status":"publish","type":"post","link":"https:\/\/blogs.gentoo.org\/blueness\/2015\/12\/16\/tor-ramdisk-20151215-released-libressl-to-the-rescue\/","title":{"rendered":"Tor-ramdisk 20151215 released: libressl to the rescue!"},"content":{"rendered":"

If you’ve read some of my previous posts, you know that I’ve been maintaining this hardened-Gentoo derived, uClibc-based, micro Linux distribution called “tor-ramdisk”.\u00a0\u00a0 Its a small image, less than 7 MB in size, whose only purpose is to host a Tor relay or exit node<\/a> in a ramdisk environment which vanishes when the system is shut down, leaving no traces behind.\u00a0 My student Melissa Carlson and I started the project in 2008 and I’ve been pushing out an update with every major release of Tor<\/a>.\u00a0 Over the years, I automated the build system and put the scripts on a git repository at gitweb.torproject.org<\/a> that Roger Dingledine<\/a> gave me.\u00a0 If you want to build your own image, all you need do is run the scripts in the chroot of a hardened amd64<\/a> or i686<\/a> uClibc stage3 image which you can get off the mirrors.<\/p>\n

Recently, upstream switched the tor-0.2.7.x branch to depend on openssl’s elliptic curves code.<\/a>\u00a0 Unfortunately, this code is patented<\/a> and can’t be distribute in tor-ramdisk.\u00a0 If you read the tor ebuilds<\/a>, you’ll see that the 0.2.7.x version has to DEPEND on dev-libs\/openssl[-bindist] while the 0.2.6 only depends on dev-libs\/openssl.\u00a0 Luckily, there’s libressl<\/a> which aims to be a free<\/a> drop in replacement for openssl.\u00a0 Its in the tree now and almost ready to go — I say almost because we’re still in the transition phase<\/a>.\u00a0 Libressl in Gentoo has been primarily hasufel<\/a>‘s project, but I’ve been helping out here and there.\u00a0 I got a few upstream commits to make sure it works in both uClibc and musl as well as with our hardened compiler.<\/p>\n

So, this is the first tor-ramdisk release with libressl.\u00a0 Of course I tested both the amd64 and i686 images and they work as expected, but libressl is new-ish so I’m still not sure what to expect.\u00a0 Hopefully we’ll get better security than we did from openssl, but I’ve got my eyes out for any CVE’s.\u00a0 At least we’re getting patent free code.<\/p>\n

Tor-ramdisk has been one of those mature projects where all I have to do is tweak a few version numbers in the scripts, press go, and out pops a new image.\u00a0 But I do have some plans for improvements: 1) I need to clean up the text user interface a bit.\u00a0 Its menu driven and I need to consolidate some of the menu items, like the ‘resource’ menu and the ‘entropy’ menus.\u00a0 2) I want to enable IPv6 support.\u00a0 For the longest time Tor was IPv4 only but for a couple of years now, it has supported IPv6.\u00a0 3) Tor can run in one of several modes.\u00a0 Its ideal as a relay or exit node, but can be configured as client or hidden service for processes running on a different box.\u00a0 However, tor-ramdisk can’t be used as a bridge.\u00a0 I want to see if I can add bridge support.\u00a0 4) Finally, I’m thinking of switching from uClibc to musl and building static PIE executables<\/a>.\u00a0 This would make a tighter image than the current one.<\/p>\n

If you’re interested in running tor-ramdisk, here are some links:<\/p>\n

i686:
\nHomepage: http:\/\/opensource.dyc.edu\/tor-ramdisk<\/a>
\nDownload: http:\/\/opensource.dyc.edu\/tor-ramdisk-downloads<\/a>
\nChangeLog: http:\/\/opensource.dyc.edu\/tor-ramdisk-changelog<\/a><\/p>\n

x86_64:
\nHomepage: http:\/\/opensource.dyc.edu\/tor-x86_64-ramdisk<\/a>
\nDownload: http:\/\/opensource.dyc.edu\/tor-x86_64-ramdisk-downloads<\/a>
\nChangeLog: same as i686.<\/p>\n","protected":false},"excerpt":{"rendered":"

If you’ve read some of my previous posts, you know that I’ve been maintaining this hardened-Gentoo derived, uClibc-based, micro Linux distribution called “tor-ramdisk”.\u00a0\u00a0 Its a small image, less than 7 MB in size, whose only purpose is to host a Tor relay or exit node in a ramdisk environment which vanishes when the system is … Continue reading “Tor-ramdisk 20151215 released: libressl to the rescue!”<\/span><\/a><\/p>\n","protected":false},"author":141,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[1,3],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/blogs.gentoo.org\/blueness\/wp-json\/wp\/v2\/posts\/224"}],"collection":[{"href":"https:\/\/blogs.gentoo.org\/blueness\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.gentoo.org\/blueness\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.gentoo.org\/blueness\/wp-json\/wp\/v2\/users\/141"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.gentoo.org\/blueness\/wp-json\/wp\/v2\/comments?post=224"}],"version-history":[{"count":5,"href":"https:\/\/blogs.gentoo.org\/blueness\/wp-json\/wp\/v2\/posts\/224\/revisions"}],"predecessor-version":[{"id":305,"href":"https:\/\/blogs.gentoo.org\/blueness\/wp-json\/wp\/v2\/posts\/224\/revisions\/305"}],"wp:attachment":[{"href":"https:\/\/blogs.gentoo.org\/blueness\/wp-json\/wp\/v2\/media?parent=224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.gentoo.org\/blueness\/wp-json\/wp\/v2\/categories?post=224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.gentoo.org\/blueness\/wp-json\/wp\/v2\/tags?post=224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}