Upgrade Tor to 0.3.5.7 (or 0.3.4.10) #4031

Closed
emkll opened this issue Jan 14, 2019 · 3 comments

emkll commented Jan 14, 2019

Description

SecureDrop servers are currently tracking the 0.3.4.x series of Tor stable. A new Tor Stable series was released with support for authenticated v3 onion URLS (0.3.5.x). This should now unblock the use of v3 authenticated onion services on Journalist and SSH interfaces.

User Stories

As a SecureDrop user and admin, I would like to use better cryptography for encrypting data in transit and authenticating onion services.
[0] https://blog.torproject.org/new-releases-tor-0357-03410-and-03311

emkll commented Jan 29, 2019

It appears our current hidden service configuration (specifically the Journalist interface) does not work under the 0.3.5.X Tor series in Xenial (0.3.5.7-1~xenial+1):

Jan 29 16:25:10 app-prod tor[1332]: Jan 29 16:25:10.123 [notice] Tor 0.3.5.7 running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g, Zlib 1.2.8, Liblzma 5.1.0alpha, and Libzstd N/A.
Jan 29 16:25:10 app-prod tor[1332]: Jan 29 16:25:10.123 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jan 29 16:25:10 app-prod tor[1332]: Jan 29 16:25:10.123 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jan 29 16:25:10 app-prod tor[1332]: Jan 29 16:25:10.124 [notice] Read configuration file "/etc/tor/torrc".
Jan 29 16:25:10 app-prod tor[1332]: Jan 29 16:25:10.134 [warn] Hidden service option HiddenServiceAuthorizeClient is incompatible with version 3 of service in /var/lib/tor/services/journalist
Jan 29 16:25:10 app-prod tor[1332]: Jan 29 16:25:10.134 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Jan 29 16:25:10 app-prod tor[1332]: Jan 29 16:25:10.135 [err] Reading config failed--see warnings above.
Jan 29 16:25:10 app-prod systemd[1]: tor@default.service: Control process exited, code=exited status=1
Jan 29 16:25:10 app-prod systemd[1]: Failed to start Anonymizing overlay network for TCP.
Jan 29 16:25:10 app-prod systemd[1]: tor@default.service: Unit entered failed state.
Jan 29 16:25:10 app-prod systemd[1]: tor@default.service: Failed with result 'exit-code'.

emkll commented Jan 29, 2019

Since Tor does not build/serve 0.3.4.x series debs for Xenial, we must serve 0.3.5.x series debs in the xenial channel of our apt server. However, the error described occurs. This error can be resolved by explicitly setting the hidden service version in torrc (see: 3e8d3c0).

To ensure a smooth upgrade to Xenial, we must update the /etc/tor/torrc file in place to ensure the hidden service version is updated for all running configs, to avoid breakage of Tor.

I propose we:

  1. Update install vars with the above-described fix as part of Stores Trusty & Xenial deb packages side by side #4080. This is required to get a clean prod install of SecureDrop on Xenial, which is part of the test plan.
  2. Postinst script in securedrop-config to update torrc on existing instances (in a separate PR, to ensure proper testing).
  3. Ship tor 0.3.5.x series on the Xenial apt channel. Trusty branch will remain on 0.3.4.x series, as Tor is no longer mirroring trusty packages (@conorsch posted in gitter: https://gitweb.torproject.org/debian/tor.git/commit/?id=71900ed94eff6bf559b7d039c486da85e888b934)
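
The in-place torrc update from steps 1 and 2, as an added example; this is neither SecureDrop's postinst nor the change in 3e8d3c0, and it assumes the fix is pinning "HiddenServiceVersion 2" on every existing stanza (Tor 0.3.5 defaults new stanzas to version 3, which is what makes it reject the journalist stanza's HiddenServiceAuthorizeClient). The sample torrc is constructed: only the journalist path appears in this issue, the source and ssh stanzas are assumed.

```shell
# Added example (not SecureDrop's own postinst): append "HiddenServiceVersion 2"
# to every HiddenServiceDir stanza that does not state a version, so Tor 0.3.5's
# new default of v3 no longer rejects the v2 stanzas. Re-running is a no-op.

# pin_hs_version_v2 FILE: print FILE with the version pinned. The line goes at
# the end of each unpinned stanza, i.e. before the next HiddenServiceDir.
pin_hs_version_v2() {
    awk '
        function flush() {
            if (in_hs && !has_ver) print "HiddenServiceVersion 2"
            in_hs = 0; has_ver = 0
        }
        tolower($1) == "hiddenservicedir"     { flush(); in_hs = 1 }
        tolower($1) == "hiddenserviceversion" { has_ver = 1 }
        { print }
        END { flush() }
    ' "$1"
}

# pin_torrc_in_place FILE: rewrite FILE keeping a .bak copy and the file's own
# mode/owner (renaming a mktemp file over it would leave a 0600 root torrc).
pin_torrc_in_place() {
    tmp="$(mktemp)"
    pin_hs_version_v2 "$1" > "$tmp"
    cp -p "$1" "$1.bak"
    cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Constructed sample torrc; only the journalist path comes from the issue, the
# source and ssh stanzas are assumed (ssh is already pinned and must not change).
sample_torrc() {
    cat <<'EOF'
HiddenServiceDir /var/lib/tor/services/source
HiddenServicePort 80 127.0.0.1:80
HiddenServiceDir /var/lib/tor/services/journalist
HiddenServicePort 80 127.0.0.1:8080
HiddenServiceAuthorizeClient stealth journalist
HiddenServiceDir /var/lib/tor/services/ssh
HiddenServiceVersion 2
HiddenServicePort 22 127.0.0.1:22
HiddenServiceAuthorizeClient stealth admin
EOF
}
```

Running pin_torrc_in_place on the sample leaves the ssh stanza untouched and adds exactly one version line to each of the other two, after their last option.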

@redshiftzero

Deployed
