New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Proposal] Alternative (self-contained) embedded Tor backend #6
Comments
Hi, thanks for your comment and showing me go-libtor. That's a very neat way to use CGO to avoid non-
The only difference between https://github.com/ipsn/go-libtor and https://github.com/cretz/tor-static is that the latter does ask you to build outside of CGO. I am unsure why CGO calling Unfortunately with large third party dependencies, maintaining your own build scripts for their suite because of this one extra step can be a bit troublesome for maintenance. We in Go are a bit spoiled and a bit hobbled at the same time. We are spoiled because there are so many pure Go or Go+C projects that a simple
I think the API separation that you have (w/ the Also, if https://github.com/ipsn/go-libtor is more than a PoC project, I'd love to mention it on the README. Then people can use your |
I am creating Android libraries directly from Go code with
I was just wondering whether you'd accept the Creator/Process interface implementations as a
That is truly something I'm afraid of :) No idea how I'd approach solving that.
I guess that will depend on whether or not I or someone else starts using it more seriously. I have an idea of where I'd like to use it, but my entire project is a spare time thing, so no guarantees. IPFS is also looking into using Tor in their own transports, though it's an experimental thing for them too. Either way, if people only use my lib for fast prototyping, it's goal is already fulfilled :) As for mentioning in the README, I'll probably tweet out the repo, maybe write up a blog post about the "experience" for posterity. Feel free to link to if if you think it's valuable, but I'd first settle on the final "API" wrt the integration, before sending people in. |
Just so you know, all you have to do with the static libs in https://github.com/cretz/tor-static is compile them once, then they are referenced from there. There should be no guess work to call
You'll end up solving it by doing it outside of the incredibly limited CGO :-)
I'd rather you keep them in a separate repo. Usually the interface is a better abstraction between these two things than this project having a tiny file referencing your project. Also, your project is not quite ready to support platforms like Windows. Finally, letting the dev choose when to include your project by explicitly importing a separate repo can save us from someone improperly running something like
Word. I'll leave this issue open and just let me know when you're set and I'll happily link it and explain its benefit. |
👍 Thanks for the feedback and the great work on the APIs :) |
I've tried to do a simple integration my side, but there are some dependency issues caused by your package layout. In order for me to support your interfaces, I need to implement these: // Process is the interface implemented by Tor processes.
type Process interface {
// Start starts the Tor process in the background and returns. It is
// analagous to os/exec.Cmd.Start.
Start() error
// Wait waits for the Tor process to exit and returns error if it was not a
// successful exit. It is analagous to os/exec.Cmd.Wait.
Wait() error
}
// Creator is the interface for process creation.
type Creator interface {
New(ctx context.Context, args ...string) (Process, error)
} The first issue is that your The larger issue however is that you have a small helper method inside the
At this point I have a few suggestion on how to solve these issues:
|
I'm sorry, but I am afraid I disagree here that these are really even issues. First, those libs I reference will be referenced anyways by anyone using the bine project. I could just have tossed everything in one package and it would have been no problem either. The linker should keep the unused things out of the runtime binary. That's not an "explosion" of your dependency graph (just wait until you use the actual library). If that kind of package list is a real issue, you're going to have a real hard time using IPFS, or even the Go stdlib for that matter. The way it is currently set up is quite reasonable and quite normal for a Go project. Also, again, using other parts of the this lib anyways brings in those dependencies too which are hardly "dependencies" in the traditional sense. In fact, that I don't use an popular error or log handling library makes this project quite lightweight in the traditional sense. I'm afraid at this point if you believe that referencing my other packages in this way is harmful, I would suggest taking the MIT-licensed code and restructuring it. I believe in its current state it is quite lightweight, quite dependency free, and that my very few packages reference each other and the crypto libs is harmless. |
That is fine. It was a suggestion, I can accept you decision. |
Hey there!
I'm playing around with a hobby project in my spare time. For now I'm just building and evaluating the tech stack I'd like to build on top, and Tor came up as one of the components I'd like to pursue more seriously. At least in the initial experimentation phase.
I've looked around for Tor libraries in Go, and I think yours comes closest to a easily usable one, though I'll admit I haven't used it much yet. My primary concern was that by default you required the existence of a Tor process on the host machine. This imho limits the usage of your library to a very narrow group of people.
Before you object, I did see that you have an embeddable version of Tor that people can clone, build manually and then link against from this project. While it's a bit better, I don't think it expands your user base much, since the manual build step breaks all Go workflows. I.e. I cannot build my project on top of yours, because I cannot afford an extra build step (my primary target is mobile).
Left out in the cold, I started looking into how I could create a truly self-contained Go library out of Tor. It took an annoyingly long time because of various limitations of Go and CGO, but after a few weeks I ended up with a seemingly working solution (https://github.com/ipsn/go-libtor). Currently it builds on Linux amd64, 386, arm64 and arm (libc + musl); and Android amd64, 386, arm64 and arm. I don't think it would be too hard to add support for osx + windows, but those aren't really my priorities currently.
A nice design of the project is that it auto-updates every night via Travis cron jobs to the latest stable OpenSSL + Tor upstream projects, so hopefully it won't take constant effort to maintain. I'm sure there are a few rough edges in store but my question is whether you'd be interested in me submitting a PR to add direct support in your lib for my external lib?
API wise I made it fully compatible with your repo, and also written up
process.Creator/Process
wrapper based demo to highlight that it's fully cross compatible https://github.com/ipsn/go-libtor#usage. I can submit a PR to upstream the wrappers into your library if you'd be interested. Alternatively I can create the wrappers in my project too to have the same effect, but I thought yours might be a bit more appropriate coupling point. Tell me what you think.Cheers
Peter
The text was updated successfully, but these errors were encountered: