[Whonix-devel] #19409 [Circumvention/Snowflake]: Make a deb of snowflake and get into Debian
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 17 14:39:13 CET 2020
#19409: Make a deb of snowflake and get into Debian
Reporter: adrelanos | Owner: cohosh
Type: enhancement | Status: assigned
Priority: High | Milestone:
Component: Circumvention/Snowflake | Version:
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
Comment (by anarcat):
> Maybe there's a way to package it with some of the dependencies (using
go mod vendor)?
That's certainly possible, but frowned upon in Debian. In general, we try
to package libs separately to alleviate the maintenance burden on the
release and security teams (as they may need to update those packages in
the future). Golang is special, unfortunately, there are a number of
issues with Debian packaging of golang that make that harder:
... nothing you need to worry about here, though: we should still pretend
that golang is like everyone else and that we can't just vendor everything
> And then you will pull in all eighteen-or-whatever go lib debs when you
install your snowflake deb.
That, however, is not quite accurate: golang is still statically linked in
Debian, just like everywhere else, because the upstream tooling for
dynamic linking is non-existent (or at least non-existent enough that it
just doesn't work - Ubuntu tried it and failed). So everything is, in
fact, "vendored in", from a binary perspective.
> We can't be the only group in Debian considering packaging a go thing
that pulls in a bunch of dependencies. We should figure out who in Debian
is maintaining the go lib debs, and see what their plans are. Maybe there
is already a critical mass somewhere of people who want to package and
maintain go libs.
The trick here is to open a bug report in the Debian BTS
(https://bugs.debian.org/) for each package and each of its dependencies.
That way duplicate efforts are avoided.
There's a magic command called `dh-make-golang` which will build a
skeleton debian package of your golang module, and will show which
dependencies are missing. Then you run `dh-make-golang` on those,
recursively, until you're done. Each of those invocations gives you an
"ITP" (Intent To Package) email template that you then send to the BTS and
use to update your progress. When you're done with a package, you find a
sponsor (ie. a debian member, e.g. yes me or weasel, or talk to
https://mentors.debian.net) to get your package into unstable, and you're
basically done (until you need an update).
> One of the awesome things about a snowflake deb (i.e. a deb that lets
people become snowflakes) would be that you just install the deb and it
magically works from there -- no editing text files, no opening ports, no
installing tor, etc. Basically all the features of having a Snowflake
browser extension, but now also in the (headless) deb package world.
... that sometimes involves a lot of tricky debian packaging tricks. It is
much easier to do this when upstream already provides tools to do that
hard stuff ("edit text file", "open port" (?), "configure tor")...
> Debian teams have a standardized package template and workflow. It is
important to follow these, otherwise you will not receive maintenance work
from the team. Custom packaging methods are just too time consuming to
Ideally, yes, you get the golang team involved and the package is assigned
to the team so it falls under their umbrella. This is particularly
relevant for dependencies that might be used by other packages as well.
However I'm not sure it's relevant for snowflake itself, because it's
specific to us (tor).
Let me know if you have any other questions: I have packaged a few golang
libraries and one binary in Debian and learned some of the ropes, so I can
help. (Hey, and look at that - I *am* part of the golang team, so you got
a team member to ask right here. ;)
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19409#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the Whonix-devel