search

chriswayg / tor-server

:whale: An efficient and secure Tor relay server Docker image based on Debian
https://hub.docker.com/r/chriswayg/tor-server/
MIT License
60 stars 21 forks source link

Order of package-installation prevents new versions of tor from being installed #5

Open reformat0r opened 3 years ago

reformat0r commented 3 years ago

I noticed that when building the image using the latest Dockerfile, an outdated version of tor is being installed. The reason seems to be that the signing keys are expired:

The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key

I think the issue lies with the fact that deb.torproject.org-keyring and tor are being installed in the same transaction, meaning that when apt checks which version of tor to install, the keys are not yet updated.

https://github.com/chriswayg/tor-server/blob/2a9ed8e92bab080f0d7623324a5e89ddf1e5cdc6/Dockerfile#L38-L43

I resolved the issue by first executing apt-get install deb.torproject.org-keyring on its own, before installing tor:

 # Install tor with GeoIP and obfs4proxy & backup torrc \
 && apt-get update \
 && apt-get install deb.torproject.org-keyring -y \
 && apt-get install --no-install-recommends --no-install-suggests -y \
        pwgen \
        iputils-ping \
        tor \
        tor-geoipdb
andrewbpowers commented 2 years ago

Great work!

How to you install the "tor-server" or build the image after this changes?