-rw-r--r-- | packages/net-misc/tor/files/openrc/confd/tor | 3 | ||||
-rw-r--r-- | packages/net-misc/tor/files/openrc/initd/tor | 84 | ||||
-rw-r--r-- | packages/net-misc/tor/files/systemd/tor.service | 9 | ||||
-rw-r--r-- | packages/net-misc/tor/files/tor.conf | 3 | ||||
-rw-r--r-- | packages/net-misc/tor/files/tor.logrotate.in.patch | 20 | ||||
-rw-r--r-- | packages/net-misc/tor/files/torrc.sample.in-sane-defaults.patch | 33 | ||||
-rw-r--r-- | packages/net-misc/tor/tor-scm.exheres-0 | 118 |
7 files changed, 270 insertions, 0 deletions
diff --git a/packages/net-misc/tor/files/openrc/confd/tor b/packages/net-misc/tor/files/openrc/confd/tor
new file mode 100644
index 0000000..4195bf3
--- /dev/null
+++ b/packages/net-misc/tor/files/openrc/confd/tor
@@ -0,0 +1,3 @@
+#
+# Set the file limit
+rc_ulimit="-n 30000"
diff --git a/packages/net-misc/tor/files/openrc/initd/tor b/packages/net-misc/tor/files/openrc/initd/tor
new file mode 100644
index 0000000..799cca1
--- /dev/null
+++ b/packages/net-misc/tor/files/openrc/initd/tor
@@ -0,0 +1,84 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+PIDFILE=/var/run/tor/tor.pid
+CONFFILE=/etc/tor/torrc
+GRACEFUL_TIMEOUT=${GRACEFUL_TIMEOUT:-60}
+
+# See bug #523552, and https://trac.torproject.org/projects/tor/ticket/5525
+# Graceful = wait 30 secs or so until all connections are properly closed.
+extra_commands="checkconfig"
+extra_started_commands="graceful gracefulstop reload"
+description="Anonymizing overlay network for TCP"
+description_checkconfig="Check for valid config file."
+description_reload="Reload the configuration."
+description_graceful="Gracefully restart."
+description_gracefulstop="Gracefully stop."
+
+depend() {
+ need net
+}
+
+checkconfig() {
+ # first check that it exists
+ if [ ! -f ${CONFFILE} ] ; then
+ eerror "You need to setup ${CONFFILE} first"
+ eerror "Example is in ${CONFFILE}.sample"
+ return 1
+ fi
+
+ # now verify whether the configuration is valid
+ /usr/bin/tor --verify-config -f ${CONFFILE} > /dev/null 2>&1
+ if [ $? -eq 0 ] ; then
+ einfo "Tor configuration (${CONFFILE}) is valid."
+ return 0
+ else
+ eerror "Tor configuration (${CONFFILE}) not valid."
+ /usr/bin/tor --verify-config -f ${CONFFILE}
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ checkpath -d -m 0755 -o tor:tor /var/run/tor
+ ebegin "Starting Tor"
+ HOME=/var/lib/tor
+ start-stop-daemon --start --pidfile "${PIDFILE}" --quiet --exec /usr/bin/tor -- -f "${CONFFILE}" --runasdaemon 1 --PidFile "${PIDFILE}" > /dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping Tor"
+ start-stop-daemon --stop --pidfile "${PIDFILE}" --exec /usr/bin/tor -- --PidFile "${PIDFILE}"
+ eend $?
+}
+
+graceful() {
+ gracefulstop
+ start
+ eend $?
+}
+
+gracefulstop() {
+ local rc=0
+ ebegin "Gracefully stopping Tor"
+ ebegin "This can take up to ${GRACEFUL_TIMEOUT} seconds"
+ start-stop-daemon -P --stop --signal INT -R ${GRACEFUL_TIMEOUT} --pidfile "${PIDFILE}" --exec /usr/bin/tor -- --PidFile "${PIDFILE}"
+ rc=$?
+ eend "done"
+ eend $rc
+}
+
+reload() {
+ if [ ! -f ${PIDFILE} ]; then
+ eerror "${SVCNAME} isn't running"
+ return 1
+ fi
+ checkconfig || return 1
+ ebegin "Reloading Tor configuration"
+ start-stop-daemon --signal HUP --pidfile ${PIDFILE}
+ eend $?
+}
diff --git a/packages/net-misc/tor/files/systemd/tor.service b/packages/net-misc/tor/files/systemd/tor.service
new file mode 100644
index 0000000..5ca14e5
--- /dev/null
+++ b/packages/net-misc/tor/files/systemd/tor.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Anonymizing Internet communication system
+
+[Service]
+ExecStart=/usr/bin/tor -f /etc/tor/torrc
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
diff --git a/packages/net-misc/tor/files/tor.conf b/packages/net-misc/tor/files/tor.conf
new file mode 100644
index 0000000..4e4c639
--- /dev/null
+++ b/packages/net-misc/tor/files/tor.conf
@@ -0,0 +1,3 @@
+tor hard nofile 30000
+tor soft nofile 30000
+
diff --git a/packages/net-misc/tor/files/tor.logrotate.in.patch b/packages/net-misc/tor/files/tor.logrotate.in.patch
new file mode 100644
index 0000000..083913f
--- /dev/null
+++ b/packages/net-misc/tor/files/tor.logrotate.in.patch
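Review bot: In files/openrc/initd/tor, `reload()` sends HUP to whatever PID is stored in `${PIDFILE}` without checking that the process is tor, whereas `stop()` and `gracefulstop()` both pass `--exec /usr/bin/tor`. `start()` creates /var/run/tor with `-o tor:tor`, so the PID file lives in a directory the unprivileged service account can write, and a stale or altered file would make the root-run init script signal an unrelated process. Giving reload the same match closes the gap: `start-stop-daemon --signal HUP --pidfile "${PIDFILE}" --exec /usr/bin/tor`. Quoting `${PIDFILE}` and `${CONFFILE}` in the `[ ! -f ... ]` tests would also match the quoting already used in `start()`.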
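Review bot: files/systemd/tor.service starts tor as root with no resource limit or sandboxing, so the systemd path relies entirely on `User tor` being present in /etc/tor/torrc to drop privileges, and it does not receive the 30000 open-file limit that confd/tor and tor.conf set for OpenRC and PAM sessions. I would add `LimitNOFILE=30000` and a small set of hardening directives to `[Service]`, as sketched below; /var/lib/tor and /var/log/tor stay writable under `ProtectSystem=full`. If the package is built with the `systemd` option, `Type=notify` may also be appropriate, but that depends on the build and should be confirmed.

```ini
[Service]
ExecStart=/usr/bin/tor -f /etc/tor/torrc
# ... unchanged: ExecReload ...
LimitNOFILE=30000
NoNewPrivileges=yes
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
```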
@@ -0,0 +1,20 @@
+Source: Gentoo (bug #178975)
+Upstream: no
+Reason: Logrotate script fails if Tor is not running. This should really go
+ upstream.
+
+diff -ruN tor-0.2.5.10.orig/contrib/operator-tools/tor.logrotate.in tor-0.2.5.10/contrib/operator-tools/tor.logrotate.in
+--- tor-0.2.5.10.orig/contrib/operator-tools/tor.logrotate.in 2014-06-27 23:45:19.000000000 +0200
++++ tor-0.2.5.10/contrib/operator-tools/tor.logrotate.in 2014-11-01 09:06:46.466585311 +0100
+@@ -6,9 +6,9 @@
+ missingok
+ notifempty
+ # you may need to change the username/groupname below
+- create 0640 _tor _tor
++ create 0640 tor tor
+ sharedscripts
+ postrotate
+- /etc/init.d/tor reload > /dev/null
++ /etc/init.d/tor reload > /dev/null || true
+ endscript
+ }
diff --git a/packages/net-misc/tor/files/torrc.sample.in-sane-defaults.patch b/packages/net-misc/tor/files/torrc.sample.in-sane-defaults.patch
new file mode 100644
index 0000000..6919c3c
--- /dev/null
+++ b/packages/net-misc/tor/files/torrc.sample.in-sane-defaults.patch
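Review bot: The `postrotate` line in the patched tor.logrotate.in still calls `/etc/init.d/tor reload`, and the added `|| true` hides every failure, not only the tor-is-stopped case named in the Reason header. The exheres installs this logrotate file alongside the systemd unit, so on a systemd host, where that init script may be absent or unused, rotation would report success while tor keeps writing to the rotated file and the new log stays empty. Consider a postrotate that signals the running daemon in an init-system-neutral way, or at least record the limitation in the patch header, e.g. `Reason: ... reload errors are ignored; systemd hosts need their own postrotate.`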
@@ -0,0 +1,33 @@
+Source: Sterling X. Winter <sterling.winter@gmail.com>
+Upstream: no
+Reason: By default: drop daemon privs to tor/tor, enable logging, use a sane
+ data dir.
+
+--- tor-0.2.7.6.orig/src/config/torrc.sample.in 2015-11-13 14:41:38.000000000 +0100
++++ tor-0.2.7.6/src/config/torrc.sample.in 2016-02-04 13:20:50.024381439 +0100
+@@ -12,6 +12,9 @@
+ ## Tor will look for this file in various places based on your platform:
+ ## https://www.torproject.org/docs/faq#torrc
+
++# On startup, setuid to this user and setgid to their primary group.
++User tor
++
+ ## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
+ ## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
+ ## as a relay, and not make any local application connections yourself.
+@@ -40,6 +43,7 @@
+ #Log debug file @LOCALSTATEDIR@/log/tor/debug.log
+ ## Use the system log instead of Tor's logfiles
+ #Log notice syslog
++Log notice file @LOCALSTATEDIR@/log/tor/tor.log
+ ## To send all messages to stderr:
+ #Log debug stderr
+
+@@ -51,6 +55,7 @@
+ ## The directory for keeping all the keys/etc. By default, we store
+ ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+ #DataDirectory @LOCALSTATEDIR@/lib/tor
++DataDirectory @LOCALSTATEDIR@/lib/tor/data
+
+ ## The port on which Tor will listen for local connections from Tor
+ ## controller applications, as documented in control-spec.txt.
diff --git a/packages/net-misc/tor/tor-scm.exheres-0 b/packages/net-misc/tor/tor-scm.exheres-0
new file mode 100644
index 0000000..b060368
--- /dev/null
+++ b/packages/net-misc/tor/tor-scm.exheres-0
@@ -0,0 +1,118 @@
+# Copyright 2009 Sterling X. Winter <replica@exherbo.org>
+# Distributed under the terms of the GNU General Public License v2
+# Based in part upon 'tor-0.2.0.32-r1.ebuild' from Gentoo, which is:
+# Copyright 1999-2008 Gentoo Foundation
+
+SCM_REPOSITORY="https://git.torproject.org/tor.git"
+
+SCM_EXTERNAL_REFS="
+ src/ext/rust:torrust
+"
+SCM_SECONDARY_REPOSITORIES="
+ torrust
+"
+
+SCM_torrust_REPOSITORY="https://git.torproject.org/tor-rust-dependencies"
+
+require systemd-service
+require openrc-service [ openrc_confd_files=[ "${FILES}"/openrc/confd ] ]
+require scm-git
+require autotools [ supported_autoconf=[ 2.5 ] supported_automake=[ 1.15 ] ]
+
+SUMMARY="Anonymizing Internet communication system"
+DESCRIPTION="
+Tor helps you defend against traffic analysis, a form of network surveillance
+that threatens personal freedom and privacy, confidential business activities
+and relationships, and state security. Tor protects you by bouncing your
+communications around a distributed network of relays run by volunteers all
+around the world: it prevents somebody watching your Internet connection from
+learning what sites you visit, and it prevents the sites you visit from learning
+your physical location. Tor works with many of your existing applications,
+including web browsers, instant messaging clients, remote login, and other
+applications based on the TCP protocol.
+"
+HOMEPAGE="http://www.torproject.org/"
+DOWNLOADS=""
+
+LICENCES="BSD-3"
+SLOT="0"
+PLATFORMS="~amd64 ~x86"
+MYOPTIONS="
+ debug [[ description = [ Compile with debugging info ] ]]
+ systemd [[ description = [ Enable systemd notification support ] ]]
+ ( providers: libressl openssl ) [[ number-selected = exactly-one ]]
+"
+
+DEPENDENCIES="
+ build:
+ sys-devel/automake[>=1.7]
+ build+run:
+ app-arch/zstd[>=1.1]
+ dev-libs/libevent[>=1.2]
+ dev-libs/libpcap
+ providers:libressl? ( dev-libs/libressl:= )
+ providers:openssl? ( dev-libs/openssl[>=1.0.1] )
+ sys-libs/libseccomp
+ systemd? ( sys-apps/systemd )
+
+ group/tor
+ user/tor
+
+ suggestion:
+ app-admin/logrotate [[ description = [ Use logrotate for rotating logs ] ]]
+ net-proxy/polipo [[ description = [
+ Tor-friendly HTTP proxy, recommended by upstream over Privoxy
+ ] ]]
+ net-proxy/torsocks [[ description = [
+ Tor-friendly SOCKS proxy, recommended by upstream over tsocks
+ ] ]]
+"
+
+REMOTE_IDS="freecode:${PN}"
+UPSTREAM_CHANGELOG="https://git.torproject.org/checkout/tor/master/ChangeLog [[ lang = en ]]"
+UPSTREAM_DOCUMENTATION="https://www.torproject.org/docs/tor-doc-unix.html.en [[ lang = en ]]"
+UPSTREAM_RELEASE_NOTES="https://git.torproject.org/checkout/tor/master/ReleaseNotes [[ lang = en ]]"
+
+DEFAULT_SRC_PREPARE_PATCHES=(
+ -p1 "${FILES}"/torrc.sample.in-sane-defaults.patch
+ -p1 "${FILES}"/tor.logrotate.in.patch
+)
+
+DEFAULT_SRC_CONFIGURE_PARAMS=(
+ --enable-lzma
+ --enable-zstd
+ --localstatedir=/var
+ --with-tor-user=tor
+ --with-tor-group=tor
+)
+DEFAULT_SRC_CONFIGURE_OPTION_ENABLES=( debug systemd )
+
+DEFAULT_SRC_INSTALL_EXTRA_PREFIXES=( doc/ )
+DEFAULT_SRC_INSTALL_EXTRA_DOCS=(
+ ReleaseNotes
+ doc/spec/{{address,control,dir,path,rend,tor,version}-spec,socks-extensions}.txt
+)
+
+src_install() {
+ default
+
+ keepdir /var/{lib,log}/tor
+ edo chown tor:tor "${IMAGE}"/var/{lib,log}/tor
+ edo chmod 750 "${IMAGE}"/var/{lib,log}/tor
+
+ install_systemd_files
+ install_openrc_files
+
+ insinto /etc/logrotate.d
+ newins contrib/operator-tools/tor.logrotate tor
+
+ # Allow user 'tor' more open file handles to avoid errors, see Gentoo bug 251171
+ insinto /etc/security/limits.d/
+ doins "${FILES}"/tor.conf
+}
+
+pkg_postinst() {
+ elog "Before using Tor you need a configuration in /etc/tor/torrc. An example can be"
+ elog "found in /etc/tor/torrc.sample."
+}
+
|
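Review bot: `DEFAULT_SRC_CONFIGURE_PARAMS` passes `--enable-lzma`, but `DEPENDENCIES` declares only zstd for compression, so the build presumably fails or links against an undeclared library on hosts without liblzma; the xz/liblzma package should be listed under `build+run:` next to `app-arch/zstd[>=1.1]`. The `dev-libs/libpcap` entry also looks like a slip for libcap: tor can use capability support when it drops privileges, while nothing visible in this package refers to packet capture, so this is worth confirming against upstream's configure checks. Separately, `HOMEPAGE` could be `https://www.torproject.org/`, matching the https URLs used for the other upstream links in the file.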