Updated to tor 0.2.5.11 from deb package and switched to Debian jessie. Closes #8.

[ypid]

Anything I overlooked why building from source is preferred?

• Debian is the recommended base image for Docker.
  See https://docs.docker.com/articles/dockerfile_best-practices/#from

• Debian stable is normally preferred in regards to security but the current version of tor from deb.torproject.org can not be used with stable:

  The following packages have unmet dependencies:
   tor : Depends: libc6 (>= 2.14) but 2.13-38+deb7u8 is to be installed
         Depends: libseccomp2 (>= 0.0.0~20120605) but it is not installable
  

• Changed volume of tor home dir to the default one /var/lib/tor.
  Note that when I do docker rm … && docker run … docker will not use
  the previously used volume but instead create a new container
  resulting in a new private key being generated.
  I use docker run -v /srv/tor:/var/lib/tor for persistent storage.

• https://www.torproject.org/docs/debian.html.en

• apt automatically checks packages with GPG. Related to Securely install Tor #8. Note that Securely install Tor #8 also includes a Makefile, which you might want to cherry-pick.

• Using apt_preferences to ensure that packages from deb.torproject.org are
  preferred. Without this, all packages are installed from the Debian repository.
  See man apt_preferences.

• One could also run tor inside the Docker container as debian-tor user.
  But note that the UID of debian-tor might be mapped to a different user
  outside of the container resulting in read+write access for this user
  to the private key.

[patrickod]

Thanks for the PR! I accidentally unsubscribed from watching my own repos so only seeing this now.

I think it'd be good to split the working directory change from this as to allow for an in-place upgrade. Definitely a change I'd like to have made in hindsight, but thinking it'd be better to allow for easier updates. Thoughts?

[ypid]

I would recommend to make a clean break now and have everything in the default location. We could add a note for how to migrate.

Something like:

docker run -rm --volumes-from $CONTAINER_NAME busybox mv /.tor /var/lib/tor

Should be strained forward (but untested). Even better would be to write a small script which migrates automatically.

[patrickod]

Is it possible to communicate this change to someone who just pulls the
latest image from the registry? If so them I'm all for doing that +
making the change.

On Wed, Apr 22, 2015 at 03:34:44AM -0700, Robin Schneider wrote:

I would recommend to make a clean break now and have everything in the default location. We could add a note for how to migrate.

Something like:

docker run -rm --volumes-from $CONTAINER_NAME busybox mv /.tor /var/lib/tor

Should be strained forward (but untested).

---

Reply to this email directly or view it on GitHub:
#9 (comment)

Patrick O'Doherty
+1 (650) 701-7829

[ypid]

Should be possible. I can look into this when I have time.

[ypid]

I reverted the directory changes in this PR. Ready for merging.

[patrickod]

Tested locally. Runs great. Version is now 0.2.5.12 which is latest stable as of time of writing.

thanks!