⋔ about ⋔ contact ⋔ licensing ⋔ oostats ⋔ wiki ⋔ support ⋔ keys ⋔ faq ⋔ archives ⋔
344 words by gman999 written on 2017–02–27, last edit: 2017–09–03, tags: openbsd, operator, relay, tor ⋔ Previous post: Welcome Aboard, Vinicius ⋔ Next post: March in Amsterdam
The question of which branch or flavor of OpenBSD to use for a Tor relay is a frequent point of mention.
OpenBSD maintains three flavors:
-release which comes out every six months as sure as the sun rises, if not earlier on occasion
-stable which includes the addition of necessary patches
and finally, -current, the bleeding edge of OpenBSD development, which updates regularly and sometimes very frequently
The logical notion is that -stable or even -release should be the Tor relay platorm choice. It does seem to be the most common recommendation.
Yet there are a number of things to consider, and we tend to favor -current as the best option in most use-cases for any OpenBSD box.
First, what is -current in OpenBSD is not some wildly unusable system. -current is the platform for OpenBSD development, in that it is the flavor on which OpenBSD developers actually work. Not a few production servers run on -current, and most significant problems are quickly resolved.
The other issue to consider is that OpenBSD’s ports development takes place on -current. Therefore the most current OpenBSD ports are found in -current. net/tor is at version 0.2.9.9 with a single revision, while -stable is still at Tor 0.2.7.6 with three revisions.
And no, for the inquisitive, OpenBSD does not support alpha or beta software in its ports tree, which excludes the Tor development branch.
Updating -stable isn’t difficult, which ever updating routes chosen. But following -current with the regular snapshots is equally simple. This guide from Peter Hansteen is dated, but gives the gist of the procedure.
Just because -current can update as frequently as a few times a day at times, doesn’t mean the Tor relay operator has to update the system each time. If one can keep a -current relay updated weekly, it should be fine.
The one other thing to note is that physical or serial console (or similar) access is also necessary for updating -current, as one has to boot off the bsd.rd kernel.
Copyright © 2015–2018 by The Tor BSD Diversity Project (TDP). All Rights Reserved.