Trouble building obfs4proxy because of ed25519
I'm working on packaging OnionShare for flatpak which involves building tor and obfs4proxy binaries from source, but I'm having trouble getting the source for or building obfs4proxy because of #7 (closed):
$ go get gitlab.com/yawning/obfs4.git/obfs4proxy
package github.com/agl/ed25519/extra25519: cannot find package "github.com/agl/ed25519/extra25519" in any of:
/usr/lib/go-1.10/src/github.com/agl/ed25519/extra25519 (from $GOROOT)
/home/user/go/src/github.com/agl/ed25519/extra25519 (from $GOPATH)
Reading the issues, it looks likes obfs4proxy depends on agl's ed25519 is unmaintained and contains a known vulnerability, and the specific submodule you need, extra25519, has not been merged into the standard library. And because of all of this, it's difficult to even fetch the source and build obfs4proxy.
Is there a simple way to fetch the source and build it?
And given the state of the ed25519 dependency, what is the future of this project? I noticed in #9 (comment 318916186) you wrote:
In my opinion the better thing to do would be for someone to develop a new obfuscation protocol that isn't obfs4, it's possible to design something quite sensible without having to use this sort of construct, and at this point the protocol is quite dated.
However obfs4 is still included in Tor Browser, and when you fetch bridges from https://bridges.torproject.org/options by default it gives you obfs4 bridges. If you think this project is kind of dead, do you think it's reasonable to keep including it in OnionShare?