You can pin package/repository priority. You just have to create a file in /etc/apt/preferences.d/ with contents like
Package: * Pin: release o=jessie Pin-priority: 400 then run apt-get update and apt-cache policy PACKAGE to confirm your settings. On Sat, Feb 14, 2015 at 12:50 PM, Alexander Dietrich <alexan...@dietrich.cx> wrote: > The problem with "Add repositry to /etc/apt/sources.list" is that this > will not work on Ubuntu without GPG errors, since the keys used for signing > the packages are unknown. And the Debian developers don't seem to publish > their key fingerprints on their website. > > The second problem is that the next "aptitude safe-upgrade" wants to > "update" a ton of packages, presumably from Debian Testing. I did read the > page on pinning, but just couldn't figure out how to make this work on > Ubuntu. > > So it's probably safer to wait for obfs4proxy to show up in Ubuntu > repositories. Is there already a plan for that? > > Best regards, > > Alexander > > --- > PGP Key: https://dietrich.cx/pgp | 0x727A756DC55A356B > > On 2015-02-05 21:17, ZEROF wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > If you want to try to install jessi without updating your system it's > possible. Add repositry to /etc/apt/sources.list, run apt-get update. Then > use this and only this command to upgrade only that package from new > repository (check if you need to replace jessie with unstable or something > like that): > > apt-get -t jessie install name of your package > > You don't need to remove repository from your sources list because this > command will lock upgrades of other packages. Check this url for more info: > https://wiki.debian.org/AptPreferences, in section "Installing from unstable". > > > -----BEGIN PGP SIGNATURE----- > Version: OpenPGP.js v0.7.2 > Comment: http://openpgpjs.org > > wsFcBAEBCAAQBQJU08+wCRDHWR777fxuEQAAEpkP/3u/KvoBnRBLeQLNb4P7 > wumvgdpk5cs/pLvazQvEdGI/rUb5PT+Y+i7+wDTAb6y/btVh5n+S1vzBhgTV > RN6RM55CGls3shXEEhFLTUe6Pm8hONn0EtZ8V4CGWMV91/RSOfJdevMIzX/E > FZOtYrRGc+ymm9XWbyZaOnPdkG5s+Y+UMBVfhEl2QhB5JnFfp8ubMzLCOZSg > hFUHOuOdQTcXgO5KZ5FjtXRynRbJYitDSAwzIlen7VQCgknv+z6a4D40tQ7/ > emvTaAZ3KYQzgZFugfiqBi8fUA55MkvEE+XjLFqWGj6u7zmXXQJ9EVvh6Fml > +kbf8QjP/pu1TGyagrro2W+sBNHgZnm/o1nvj+a+qFiQu1NmwvJ7n4mJtYVt > CwxZhBfiLemOZoX4AyS/3u21h494cAshDnPJ9J+0A1rKKjKUtejgRD19m++Q > TMXpa+LPr3RRLRZUospWpMljtypu1t/masv+iM1sdgw46hF8GiM7FcGnazU8 > SMy408gLLu09bCXwXKQ4hfUf68Uo8Y4v/g8BozV3GuUcaIOSTX4sCXwneMAW > /f7RYslrMHfkqIQSCtulIq3fI7CQpFjtoRYCfcG5nF0IziU3lHB0cRB7uL0n > zKwPYW3CiQz0O8HDCg0sdp1iuYr6yahr1WsnpBoc1AGWASTqdVgRELXHgCL6 > ZMyT > =FL9d > -----END PGP SIGNATURE----- > > > On 3 February 2015 at 18:33, Alexander Dietrich <alexan...@dietrich.cx> > wrote: > >> Is it possible to install the obfs4proxy package securely (with signature >> verification) on Ubuntu? I looked at this a while ago, but couldn't figure >> out how to make it work. >> >> Thanks, >> Alexander >> --- >> PGP Key: https://dietrich.cx/pgp | 0x727A756DC55A356B >> >> >> On 2015-02-03 01:14, Yawning Angel wrote: >> >>> On Mon, 2 Feb 2015 22:41:40 +0000 >>> isis <i...@torproject.org> wrote: >>> >>>> I requested that the obfs4proxy package in Debian jessie be ported to >>>> wheezy-backports, [0] however, it seems this is extremely unlikely to >>>> happen because it would mean backporting pretty much every Golang >>>> package in existence. >>> >>> >>> Last I heard, that was mostly unnecessary, though how exactly this apt >>> pinning stuff works is a mystery to me[0]. >>> >>> I would be super stoked if we could make it as easy and seamless as >>>> possible for the Bridge operators who are still running obfs2 (!!) to >>>> move to supporting better, newer Pluggable Transports. Currently >>>> recommended PTs to run are: obfs3, obfs4, scramblesuit, and >>>> fteproxy. When Tor Browser 4.5 becomes stable (probably in mid-April >>>> 2015), we'll want lots more obfs4 Bridges! For the super adventurous >>>> sysadmins who'd like to try Yawning's experimental new post-quantum >>>> PT, Basket [1] is one of the newest PTs. >>> >>> >>> More obfs4 bridges would be amazing. It's worth noting that obfs4proxy >>> can also handle obfs2 and 3 (and with a branch that I need to >>> test/merge soon, a ScrambleSuit client), and it even is easy to run >>> bridges on ports < 1024 without messing with port forwarding. >>> >>> Basket is still a research project and non-researchers shouldn't deploy >>> it because the wire format may change (and it consumes a hilarious >>> amount of bandwidth). >>> >>> We should probably come up with some easy instructions for operators >>>> of Tor Bridge relays who are running Debian stable, such as adding an >>>> Apt pin to pull in only the obfs4proxy package and its dependencies >>>> from Debian jessie and keep everything else pinned to stable. If >>>> someone has done this, or has another simple solution, would you mind >>>> writing up some short how-to on the steps you took, please? >>>> >>>> [0]: >>>> http://lists.alioth.debian.org/pipermail/pkg-anonymity- >>>> tools/Week-of-Mon-20150202/001119.html >>>> [1]: https://github.com/yawning/basket >>> >>> >>> All of obfs4proxy's dependencies are build time. The binary is >>> statically linked because that's what Go does. David S.'s ansible-tor >>> package does it like this: >>> >>> https://github.com/david415/ansible-tor/commit/ >>> f897581daa79389ddcb28c7dae601473e85e8226 >>> >>> So the documentation should be a matter of "how to setup the apt pin >>> for a single package". I've heard someone complaining about the tor >>> AppArmor profile but that also isn't something I've dealt with ever. >>> >>> Regards, >>> >>> -- >>> Yawning Angel >>> >>> [0]: I just scp the binary to my bridge whenever I need to update it, >>> and my idea of how to update all my linux systems starts with "pacman" >>> and not "apt-get". >>> _______________________________________________ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> >> _______________________________________________ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > > > -- > http://www.backbox.org > http://www.pentester.iz.rs > > > _______________________________________________ > tor-relays mailing > listtor-relays@lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > >
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
