[sword-devel] Access of SWORD repos through proxy?

Sun Sep 1 17:24:20 EDT 2024

A warning about the Curl environment variables.

The logic Curl uses for these environment variables is somewhat 
confusing and error-prone, especially in relation to the upper-case and 
lower-case versions of the environment variable names. These might be 
sometimes difficult to get right. What makes these more confusing is 
that Wget also uses such variables, but in a slightly different way. 
I've been bitten multiple times by accidentally using the wrong case, 
forgetting some environment variables being used or unset etc, but 
fortunately this only resulted in some CI jobs hanging or bypassing a 
cache instead of security issues.

A more canonical reference to using the environment variables might be 
the ENVIRONMENT section in the the manpage on the Curl website[1] or on 
your system. Note that there might be slight differences in behavior of 
different versions of Curl, so the curl(1) manpage on your computer 
might better correspond to the actual version of Curl installed.

Test, test, test to verify it works as intended.

But in any case, may the Lord always be your first guide and saviour. 
Rely on Him first, not on computers. :)

Jaak

[1]: https://curl.se/docs/manpage.html#ENVIRONMENT

On 01.09.24 21:08, Greg Hellings wrote:
> If you have compiled SWORD with libcurl support for its transport, you can
> just leverage built in SOCKS support in libcurl. I don't know how you'd do
> this in a mobile app (you probably would need to expose it to the user in
> your UI), but it should work transparently to the user once the environment
> variables are set.
> 
> https://blog.emacsos.com/use-socks5-proxy-in-curl.html
> 
> --Greg
> 
> On Sun, Sep 1, 2024, 12:58 Tobias Klein <contact at tklein.info> wrote:
> 
>> Thank you, Jaak and David,
>>
>> I have passed on your feedback to the user.
>>
>> See
>>
>> https://github.com/ezra-bible-app/ezra-bible-app/discussions/1093#discussioncomment-10512596
>>
>> Best regards,
>> Tobias
>>
>> On 8/31/24 5:29 PM, Jaak Ristioja wrote:
>>> Hi,
>>>
>>> I'm assuming your SOCKS5 traffic flows through a sufficiently
>>> encrypted network tunnel.
>>>
>>> For Linux, there are programs which allow to run other programs and
>>> direct their network traffic to some SOCKS5 proxy, e.g. proxychains-ng:
>>>
>>>    https://github.com/rofl0r/proxychains-ng/
>>>
>>> On Debian, Ubuntu and their derivates one can likely install it by using
>>>
>>>    sudo apt-get install proxychains4
>>>
>>> Proxychains-ng needs to be configured via /etc/proxychains.conf,
>>> ~/.proxychains/proxychains.conf or proxychains.conf in the current
>>> working directory unless the -f command line option is used to specify
>>> a different location. After configuration, one should be able to run
>>> programs via commands like
>>>
>>>    proxychains4 your_program --with=any arguments
>>>
>>> However, the problem with such tools is that they might not always
>>> work as intended. For example when network traffic flows via paths
>>> which tools like proxychains-ng do not know to intercept. Fpr example,
>>> this is sometimes the case for DNS traffic (hostname to IP address
>>> lookups) which is sometimes handled via external programs (e.g. DNS
>>> cache service on local machine). So be sure to always thorougly test
>>> (e.g. using network traffic analysis) whether this actually works
>>> properly before actual use, and that nothing leaks. And test again
>>> after ANY software updates or configuration changes. So be VERY VERY
>>> CAREFUL when using things like proxychains-ng.
>>>
>>> A safer option might be to use something like Tails, a Debian Linux
>>> based operating system which forces all programs to network over a
>>> local SOCKS proxy providing Tor. It might be possible to configure
>>> Tails to use some other SOCKS5 proxy as well.
>>>
>>> Regarding Tor, please note that in its simplest configuration Tor
>>> attempts to connect to public Tor relays, making it possible for
>>> eavesdroppers to detect Tor usage. A way around this (as suggested by
>>> the Tor project) is to use (private) Tor bridges which use domain
>>> fronting, traffic obfuscation and similar tricks. You might also find
>>> some of these technologies useful for the tunneling the SOCKS5 traffic.
>>>
>>>
>>> Best regards,
>>> Jaak
>>>
>>>
>>> PS: All security technologies and their implementations, including
>>> proxychains-ng, Tails and Tor, have their weak points. So take care
>>> when evaluating their fitness for your particular purpose.
>>>
>>>
>>> On 31.08.24 14:20, Tobias Klein wrote:
>>>> Hi Troy and all,
>>>>
>>>> One of the Ezra users has asked the following:
>>>>
>>>>
>>>> The websites for updating modules and downloading Bibles are either
>>>> inaccessible or subject to censorship for people living in countries
>>>> that restrict internet access.
>>>>
>>>> Could the program be updated to support setting up a SOCKS5 or HTTP
>>>> proxy, allowing users to access the internet through a proxy?
>>>>
>>>>
>>>>
>>>> How do you assess this request from a SWORD library perspective?
>>>>
>>>>
>>>> Best regards,
>>>> Tobias
>>>>
>>>>
>>>> _______________________________________________
>>>> sword-devel mailing list: sword-devel at crosswire.org
>>>> http://crosswire.org/mailman/listinfo/sword-devel
>>>> Instructions to unsubscribe/change your settings at above page
>>>
>>> _______________________________________________
>>> sword-devel mailing list: sword-devel at crosswire.org
>>> http://crosswire.org/mailman/listinfo/sword-devel
>>> Instructions to unsubscribe/change your settings at above page
>> _______________________________________________
>> sword-devel mailing list: sword-devel at crosswire.org
>> http://crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page
>>
> 
> 
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page