dockerfiles icon indicating copy to clipboard operation
dockerfiles copied to clipboard
verified publisher icon jessfraz

Version used in tor-relay indicated as 'not recommended' by ToR network

Open wabee opened this issue 6 years ago • 2 comments

wabee avatar Mar 17 '19 19:03 wabee

Suggest use of the more recent tor version from alpine:edge repository

wabee avatar Apr 10 '19 20:04 wabee

Firstly - thank you for this great resource, this has saved me hours figuring out good/neat ways to build certain docker images.

I believe the crux of this ticket is that when running the latest docker image jess/tor-relay, the log files tell you off for running an old version:

Aug 13 21:21:31.000 [warn] Please upgrade! This version of Tor (0.3.4.11) is not recommended, according to the directory authorities. Recommended versions are: 0.2.9.15,0.2.9.16,0.2.9.17,0.3.5.8,0.4.0.5,0.4.0.6,0.4.1.2-alpha,0.4.1.3-alpha,0.4.1.4-rc,0.4.1.5

After looking in to this I would expect the image to be on a later version and thought I would share my reasoning.

My assumption here is that jess/tor-relay (from docker hub) is built from https://github.com/jessfraz/dockerfiles/blob/master/tor-relay/Dockerfile (I assume that to be up to date because https://hub.docker.com/r/jess/tor-relay/ says it was updated 19 hours ago).

So when I pull the latest version I get Tor 0.3.4.11:

$ docker pull jess/tor-relay:latest && docker run jess/tor-relay:latest
latest: Pulling from jess/tor-relay
Digest: sha256:dc1e563ee5f73df30c9bfbc51dcca813511bd06ea40de6c71bea132fadcc12e4
Status: Image is up to date for jess/tor-relay:latest
Aug 13 21:36:51.194 [notice] Tor 0.3.4.11 (git-4fd31340f3355342) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1b, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.

But when I build locally the latest commit (54c5cdb6c052801129a9676128a4ca28be5b1fb6) from this repo, I'm creating an image with the tor Tor 0.3.5.8 (one that the log files don't shout at me for running).

$ pwd
/home/andrew/git/dockerfiles/tor-relay
$ docker build -t x . && docker run x
Sending build context to Docker daemon  39.42kB
Step 1/20 : FROM alpine:latest
..
..
..
Step 20/20 : ENTRYPOINT [ "/run.sh" ]
 ---> Using cache
 ---> 20d91a7c9148
Successfully built 20d91a7c9148
Successfully tagged x:latest
Aug 13 21:39:56.919 [notice] Tor 0.3.5.8 running on Linux with Libevent 2.1.10-stable, OpenSSL 1.1.1c, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.

This is in the recommended versions (and the log lines don't tell me off for being on an old version).

So it looks like if there's a way to force a re-build then this might get the image on the latest version.

I appreciate the answer may be "build it yourself!", which is fair enough, but I thought I'd add what I found.

Thanks!

andrewmichaelsmith avatar Aug 13 '19 21:08 andrewmichaelsmith