File snowflake.spec of Package snowflake

#
# spec file for package snowflake
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name:           snowflake
Version:        2.10.1
Release:        0
Summary:        Pluggable Transport using WebRTC, inspired by Flashproxy
License:        BSD-3-Clause
URL:            https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake
Source:         %{name}-%{version}.tar.gz
Source1:        vendor.tar.gz
Source2:        %{name}.service
BuildRequires:  go >= 1.21

%description
A tool that attempts to circumvent censorship by transforming the Tor traffic
between the client and the bridge. This way censors, who usually monitor traffic
between the client and the bridge, will see innocent-looking transformed traffic
instead of the actual Tor traffic.

Q: How does it work?

In the Tor use-case:

    Volunteers visit websites which host the "snowflake" proxy (just like flashproxy).
    Tor clients automatically find available browser proxies via the Broker (the domain-fronted signaling channel).
    The Tor client and the browser proxy establish a WebRTC peer connection.
    The proxy connects to some relay.
    Tor occurs.

More detailed information about how clients, snowflake proxies, and the Broker fit together on the way...

Q: What are the benefits of this PT compared with other PTs?

Snowflake combines the advantages of flashproxy and meek. Primarily:

    It has the convenience of Meek, but can support magnitudes more users with negligible CDN costs. (Domain fronting is only used for brief signalling / NAT-piercing to set up the P2P WebRTC DataChannels which handle the actual traffic.)

    Arbitrarily high numbers of volunteer proxies are possible like in flashproxy, but NATs are no longer a usability barrier - no need for manual port forwarding!

Q: Why is this called Snowflake?

It utilizes the "ICE" negotiation via WebRTC, and also involves a great abundance of ephemeral and short-lived (and special!) volunteer proxies...

%prep
%autosetup -p 1 -a 1

%build
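# Timestamp from SOURCE_DATE_EPOCH (GNU date, then BSD date, then current time).
# BUILD_DATE is not referenced by the go build commands below.
DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ"
BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}")
# -s -w omit the symbol table and DWARF data; -trimpath strips local build paths.
# https://stackoverflow.com/questions/30005878/avoid-debugging-information-on-golang
%define buildflags -ldflags='-s -w' -trimpath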
go build %{buildflags} -o snowflake-broker -mod=vendor -buildmode=pie ./broker
go build %{buildflags} -o snowflake-client -mod=vendor -buildmode=pie ./client
go build %{buildflags} -o snowflake-proxy -mod=vendor -buildmode=pie ./proxy
go build %{buildflags} -o snowflake-server -mod=vendor -buildmode=pie ./server

%install
# Install the binary.
%__install -D -m 0755 -t %{buildroot}%{_bindir} snowflake-*
mv -v broker/README.md README-broker.md
mv -v client/README.md README-client.md
mv -v proxy/README.md README-proxy.md
mv -v server/README.md README-server.md

# Install the systemd unit file
%__install -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}-proxy.service

# Install manuals
mkdir -p %{buildroot}%{_mandir}/man1
%__install -D -m 644 doc/*.1 %{buildroot}%{_mandir}/man1/
rm -v doc/*.1

%pre
%service_add_pre snowflake-proxy.service

%post
%service_add_post snowflake-proxy.service

%preun
%service_del_preun snowflake-proxy.service

%postun
%service_del_postun snowflake-proxy.service

%files
%doc doc README*.md client/torrc*
%license LICENSE
#caps(cap_net_bind_service=ep)
%{_bindir}/%{name}-*
%{_unitdir}/%{name}-proxy.service
%{_mandir}/man?/%{name}*.?%{?ext_man}

%changelog