Building Tor from Source

Karl gmkarl at
Sun Oct 11 09:50:29 PDT 2020

@zen i see the value of putting it in a git repo; i made some
misleading typos.  should be fill-in-able though.

On 10/11/20, Karl <gmkarl at> wrote:
> I'm too busy [s/reverse-engineering microchips from live
> bombs/doddering around confused/] to know how to compile anything from
> its source.
> s/A/B/ is sed script substitution notation.  It means replace A with
> B.  I tell jokes because I'm in pain, and I'd rather share nice things
> than harm, especially if those nice things could have some important
> small part.
> A lot of people are working on the Tor project.  You can see what
> they're working on at .  I have no clue
> how to use gitweb to actually get source code, but I'm pretty good at
> guessing people's [s/social security numbers/blindingly obvious facial
> expressions three hours later/] , so I tried typing `git clone
>` into a terminal and what do you
> know, it worked.
> [Note to zfs:  I ended up using a raid1 array and git-annex
> repositories for now, now that i have an indoor place to put
> harddrives in.]
> ```
> $ ls
> acinclude.m4  ChangeLog  CODE_OF_CONDUCT  CONTRIBUTING
>  LICENSE     README        scripts
>    changes   contrib       doc
> INSTALL      m4       Makefile.nmake  ReleaseNotes  src
> ```
> Tell me if I'm skipping too many steps and I can include a full log,
> but I won't unless asked directly.  Yes, it's boring, you're expected
> to only pretend to have read it.
> This is an "autotools" project.  Autotools is an ancient linux C thing
> for setting up projects.  Autotools looks like dead animal vomit on
> the inside (this means any modern coder can tell you that nobody
> should have designed it how it is obviously designed), but it is still
> very widely used because it just keeps working.  (the reason it keeps
> working is because some bleary-eyed people with beards have memorized
> all the dead vomit inside it and keep shoving it around whenever
> needed, to keep it working).
> We're lucky here: the tor people included an `` script,
> which does the autotools voodoo automatically for you.  If that script
> isn't there, often you can get away with just running `autoreconf`,
> which is basically all that script does.
> If doesn't work for you, you're probably missing important
> system development packages like automake, autoconf, libtool, etc.
> Please ask if you need more help.  Oh, junior, you think you're cool
> by not asking?  Junior, you're going to suffer if you don't learn what
> to do.  You won't go to college and then you'll [s/get kidnapped by a
> drug ring and forced to collect rape victims after you run away to the
> streets to pursue your dream of being a musician/disappoint the pretty
> girl we all care about/] [s/disappoint the pretty girl we all care
> about/get caught up with and protected by a bunch of genius hackers
> who never needed to go to college, and learn to take down the
> system/].  Just please ask if you don't understand and need to.  You
> can even ask privately!  You can even ask the ugly girl who wishes she
> had some way to please you!  There's one out there.
> Here's what it looks like:
> ```
> $ ./
> /bin/autoreconf
> installing './ar-lib'
> installing './compile'
> installing './config.guess'
> installing './config.sub'
> installing './install-sh'
> installing './missing'
> installing './depcomp'
> parallel-tests: installing './test-driver'
> ```
> This generates a 'configure' script, the hallmark of autotools.  It's
> a computer program generated by another computer program, that
> generates parts of actual computer program we're building, in such a
> way that it has the right structures for the computer you're building
> it on.  That's a lot of automatic moving parts that build other
> automatic moving parts, and this process is often guided by further
> automatic moving parts in centralized build systems, but no it won't
> [s/mind control your employees, turn into a cloud of nanites, and
> research more wormholes/confuse you more than we can handle/] this time.
> Run the `configure` script it put in the folder, to set up the project
> to build.  You only need to do this once.
> ```
> $ ./configure
> checking for a BSD-compatible install... /bin/install -c
> checking whether build environment is sane... yes
> checking for a thread-safe mkdir -p... /bin/mkdir -p
> checking for gawk... gawk
> ...
> ```
> At the end, `configure` generates a makefile, which is the guts of
> building a project.  It lists all the files that will be worked with,
> what will be done to them, and what will be produced by doing that, in
> many layers of steps needed to reach the final goal of building Tor.
> It's just a bunch of computer mumbo jumbo that makes Tor exist from
> its source code.
> Whoops!  When you run `configure`, it looks to find out all the stuff
> you need to have on your system to make it run.  On my system, the
> dependency I was missing related to the documentation.  I like to be
> able to work with any part of the system, so I'll probably resolve
> this dependency so I know I can build the documentation:
> ```
> ==================================
> Building Tor has failed since manpages cannot be built.
> You need asciidoc installed to be able to build the manpages.
> To build without manpages, use the --disable-asciidoc argument
> when calling configure.
> ==================================
> $ # oh no!  what do I do!
> ```
> Unfortunately, every system installs packages differently.  But if I
> got to this point, I know how to install packages:
> ```
> $ sudo yum search asciidoc
> # I don't really prefer enterprise rpm-based systems, but this
> # one a confused family member purchased has my favorite
> # [s/evolved digital familiar made of malware and trojan
> # communities/system config that i never backed up/]
> [sudo] password for user:
> Loaded plugins: langpacks, product-id, search-disabled-repos,
> subscription-manager
> This system is registered with an entitlement server, but is not
> receiving updates. You can use subscription-manager to assign
> subscriptions.
> ===================================================================================
> N/S matched: asciidoc
> ====================================================================================
> asciidoc-doc.noarch : Additional documentation and examples for asciidoc
> asciidoc-latex.noarch : Support for asciidoc latex output
> rubygem-asciidoctor.noarch : A fast, open source AsciiDoc implementation in
> Ruby
> rubygem-asciidoctor-doc.noarch : Documentation for rubygem-asciidoctor
> asciidoc.noarch : Text based document generation
> $ sudo yum install asciidoc
> ```
> ```
> $ ./configure
> ...
> Tor Version: Tor
> Build Features
>   Compiler:                                                      gcc
> -std=gnu99
>   Host OS:                                                       linux-gnu
> ...
> ```
> The makefile is generated!  To build the source, we type `make`, which
> loads the makefile and compiles it.  Nowadays everybody [s/expects to
> be able to teleport their brain across the ocean whenever they need to
> buy some milk at the grocery store (for real, see
> things more when they are faster/], so we can add `-j4` to the make
> command, which basically speeds it up by asking the computer to get
> four times more confused while doing it (multitasking on its parts).
> ```
> $ make
> make  all-am
> make[1]: Entering directory `/shared/src/tor'
>   CC
> src/ext/ed25519/ref10/src_ext_ed25519_ref10_libed25519_ref10_a-fe_0.o
> ...
> ```
> Each line that goes by is a sourcefile that's being compiled.  A long
> list of very precise words handtyped by a dedicated worker with a
> beard or glasses or likely both, likely working in a confined indoor
> environment almost like chickens in an industrial chicken farm, but we
> love to do it!  Really!  Ask any one of us!  It gives us nastalgia of
> our earlier years.
> Ohhh....  My source code didn't compile.  This is pretty common.
> Nowadays [s/the corporate thugs have killed so many of our
> friends/people are so much more interested in adding features instead
> of testing things/] that everybody has to use some mysterious wizardry
> called 'docker' to copy the systems of the devs so as to make anything
> actually compile.  I'm not a fan of docker, because it ignores all the
> problems that the devs don't see because of the specifics of their
> systems, [s/producing widespread bugs that are discovered in the form
> of hacked government systems a decade later/and makes it harder for
> people to work on the software on low-end systems/].  Here's the
> arcane compilation error I ran into:
> ```
>   CC       src/test/src_test_test_slow-test_slow.o
> In file included from src/test/test_tortls_openssl.c:42:0:
> ./src/lib/tls/tortls_internal.h:55:8: error: conflicting types for
> ‘SSL_SESSION_get_master_key’
>  size_t SSL_SESSION_get_master_key(struct ssl_session_st *s,
>         ^
> In file included from src/test/test_tortls_openssl.c:23:0:
> /usr/local/include/openssl/ssl.h:2007:15: note: previous declaration
> of ‘SSL_SESSION_get_master_key’ was here
>  __owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess,
>                ^
> src/test/test_tortls_openssl.c: In function ‘get_cipher_by_name’:
> src/test/test_tortls_openssl.c:541:19: error: dereferencing pointer to
> incomplete type
>    int num = method->num_ciphers();
>                    ^
> src/test/test_tortls_openssl.c:544:38: error: dereferencing pointer to
> incomplete type
>      const SSL_CIPHER *cipher = method->get_cipher(i);
>                                       ^
> src/test/test_tortls_openssl.c: In function
> ‘test_tortls_client_is_using_v2_ciphers’:
> src/test/test_tortls_openssl.c:710:3: warning: ‘TLSv1_method’ is
> deprecated (declared at /usr/local/include/openssl/ssl.h:1877)
> [-Wdeprecated-declarations]
>    ctx = SSL_CTX_new(TLSv1_method());
>    ^
> src/test/test_tortls_openssl.c:717:6: error: dereferencing pointer to
> incomplete type
>    ssl->session = sess;
>       ^
> src/test/test_tortls_openssl.c:724:6: error: dereferencing pointer to
> incomplete type
>    one->id = 0x00ff;
>       ^
> src/test/test_tortls_openssl.c:726:7: error: dereferencing pointer to
> incomplete type
>    sess->ciphers = ciphers;
> make[1]: *** [src/test/src_test_test-test_tortls_openssl.o] Error 1
> make[1]: *** Waiting for unfinished jobs....
> make[1]: Leaving directory `/shared/src/tor'
> make: *** [all] Error 2
> ```
> It looks like my `openssl` header file differs from the one used by
> the Tor project.
> There are some basic ways to approach this, the simplest of which is
> of course to use docker.  Other things one might try might include
> compiling a version of the software known to be stable, changing the
> version of my local library, or searching for the detail of the issue
> to identify its cause and give it a relevant fix.
> In open source, especially among the gnu crowd (which is the only
> crowd), the idea is that everybody benefits from everyone's work.
> When you do something, you want to contribute back to the community,
> so that your work has value.  For this, you get appreciation,
> friendship, collaboration and teaching, and often even lots of money
> if you know the ropes and need it!
> So, the right solution to my build error, is likely to provide a patch
> to the Tor project, that changes the source so that either it builds
> on people's systems with my openssl version, or the configure script
> gives an error and informs the user of what they need to change.
> Thaaaat would be in a possible further e-mail.
> Tata!

More information about the cypherpunks mailing list