author | Gluzskiy Alexandr <sss@sss.chaoslab.ru> | 2017-03-20 19:31:06 +0300 |
---|---|---|
committer | Gluzskiy Alexandr <sss@sss.chaoslab.ru> | 2017-03-20 19:31:06 +0300 |
commit | b381158ee1526a849a43c667cfaac9b73783da4b (patch) | |
tree | 210eaec4ea7e6f02b0c8ebdb73b29b7ede61a1c0 /net-vpn | |
parent | 4fce9eb82dd0ded86904e2cf2efc0e085e42698f (diff) |
sync with portage
Diffstat (limited to 'net-vpn')
-rw-r--r-- | net-vpn/tor/files/README.gentoo | 8 | ||||
-rw-r--r-- | net-vpn/tor/files/tor-0.2.3.14_alpha-torrc.sample.patch | 31 | ||||
-rw-r--r-- | net-vpn/tor/files/tor.conf | 1 | ||||
-rw-r--r-- | net-vpn/tor/files/tor.confd | 3 | ||||
-rw-r--r-- | net-vpn/tor/files/tor.initd-r7 | 84 | ||||
-rw-r--r-- | net-vpn/tor/files/tor.service | 21 | ||||
-rw-r--r-- | net-vpn/tor/files/torrc-r1 | 7 | ||||
-rw-r--r-- | net-vpn/tor/tor-scm.ebuild | 83 |
8 files changed, 238 insertions, 0 deletions
diff --git a/net-vpn/tor/files/README.gentoo b/net-vpn/tor/files/README.gentoo
new file mode 100644
index 0000000..35214ac
--- /dev/null
+++ b/net-vpn/tor/files/README.gentoo
@@ -0,0 +1,8 @@
+We created a configuration file for tor, /etc/tor/torrc, but you can
+change it according to your needs. Use the torrc.sample that is in
+that directory as a guide. Also, to have privoxy work with tor
+just add the following line
+
+forward-socks4a / localhost:9050 .
+
+to /etc/privoxy/config. Notice the . at the end!
diff --git a/net-vpn/tor/files/tor-0.2.3.14_alpha-torrc.sample.patch b/net-vpn/tor/files/tor-0.2.3.14_alpha-torrc.sample.patch
new file mode 100644
index 0000000..1fa9d28
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.2.3.14_alpha-torrc.sample.patch
@@ -0,0 +1,31 @@
+diff -Naur tor-0.2.3.14-alpha.orig//src/config/torrc.sample.in tor-0.2.3.14-alpha/src/config/torrc.sample.in
+--- tor-0.2.3.14-alpha.orig//src/config/torrc.sample.in 2012-04-23 03:10:14.000000000 -0400
++++ tor-0.2.3.14-alpha/src/config/torrc.sample.in 2012-04-24 06:30:21.000000000 -0400
+@@ -12,6 +12,11 @@
+ ## Tor will look for this file in various places based on your platform:
+ ## https://www.torproject.org/docs/faq#torrc
+
++## Default username and group the server will run as
++User tor
++
++PIDFile /var/run/tor/tor.pid
++
+ ## Tor opens a socks proxy on port 9050 by default -- even if you don't
+ ## configure one below. Set "SocksPort 0" if you plan to run Tor only
+ ## as a relay, and not make any local application connections yourself.
+@@ -41,6 +46,7 @@
+ #Log notice syslog
+ ## To send all messages to stderr:
+ #Log debug stderr
++Log warn syslog
+
+ ## Uncomment this to start the process in the background... or use
+ ## --runasdaemon 1 on the command line. This is ignored on Windows;
+@@ -50,6 +56,7 @@
+ ## The directory for keeping all the keys/etc. By default, we store
+ ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+ #DataDirectory @LOCALSTATEDIR@/lib/tor
++DataDirectory /var/lib/tor/data
+
+ ## The port on which Tor will listen for local connections from Tor
+ ## controller applications, as documented in control-spec.txt.
diff --git a/net-vpn/tor/files/tor.conf b/net-vpn/tor/files/tor.conf
new file mode 100644
index 0000000..188c041
--- /dev/null
+++ b/net-vpn/tor/files/tor.conf
@@ -0,0 +1 @@
+d /var/run/tor 0775 tor tor - -
diff --git a/net-vpn/tor/files/tor.confd b/net-vpn/tor/files/tor.confd
new file mode 100644
index 0000000..4195bf3
--- /dev/null
+++ b/net-vpn/tor/files/tor.confd
@@ -0,0 +1,3 @@
+#
+# Set the file limit
+rc_ulimit="-n 30000"
diff --git a/net-vpn/tor/files/tor.initd-r7 b/net-vpn/tor/files/tor.initd-r7
new file mode 100644
index 0000000..799cca1
--- /dev/null
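Review bot: The tmpfiles.d entry in files/tor.conf creates /var/run/tor with mode 0775, while the OpenRC script added in this same commit creates it with `checkpath -d -m 0755 -o tor:tor /var/run/tor`, so the systemd path leaves the pidfile directory group-writable for no visible reason. Using one mode on both paths, `d /var/run/tor 0755 tor tor - -`, removes the difference.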
+++ b/net-vpn/tor/files/tor.initd-r7 
@@ -0,0 +1,84 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+PIDFILE=/var/run/tor/tor.pid
+CONFFILE=/etc/tor/torrc
+GRACEFUL_TIMEOUT=${GRACEFUL_TIMEOUT:-60}
+
+# See bug #523552, and https://trac.torproject.org/projects/tor/ticket/5525
+# Graceful = wait 30 secs or so until all connections are properly closed.
+extra_commands="checkconfig"
+extra_started_commands="graceful gracefulstop reload"
+description="Anonymizing overlay network for TCP"
+description_checkconfig="Check for valid config file."
+description_reload="Reload the configuration."
+description_graceful="Gracefully restart."
+description_gracefulstop="Gracefully stop."
+
+depend() {
+ need net
+}
+
+checkconfig() {
+ # first check that it exists
+ if [ ! -f ${CONFFILE} ] ; then
+ eerror "You need to setup ${CONFFILE} first"
+ eerror "Example is in ${CONFFILE}.sample"
+ return 1
+ fi
+
+ # now verify whether the configuration is valid
+ /usr/bin/tor --verify-config -f ${CONFFILE} > /dev/null 2>&1
+ if [ $? -eq 0 ] ; then
+ einfo "Tor configuration (${CONFFILE}) is valid."
+ return 0
+ else
+ eerror "Tor configuration (${CONFFILE}) not valid."
+ /usr/bin/tor --verify-config -f ${CONFFILE}
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ checkpath -d -m 0755 -o tor:tor /var/run/tor
+ ebegin "Starting Tor"
+ HOME=/var/lib/tor
+ start-stop-daemon --start --pidfile "${PIDFILE}" --quiet --exec /usr/bin/tor -- -f "${CONFFILE}" --runasdaemon 1 --PidFile "${PIDFILE}" > /dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping Tor"
+ start-stop-daemon --stop --pidfile "${PIDFILE}" --exec /usr/bin/tor -- --PidFile "${PIDFILE}"
+ eend $?
+}
+
+graceful() {
+ gracefulstop
+ start
+ eend $?
+}
+
+gracefulstop() {
+ local rc=0
+ ebegin "Gracefully stopping Tor"
+ ebegin "This can take up to ${GRACEFUL_TIMEOUT} seconds"
+ start-stop-daemon -P --stop --signal INT -R ${GRACEFUL_TIMEOUT} --pidfile "${PIDFILE}" --exec /usr/bin/tor -- --PidFile "${PIDFILE}"
+ rc=$?
+ eend "done"
+ eend $rc
+}
+
+reload() {
+ if [ ! -f ${PIDFILE} ]; then
+ eerror "${SVCNAME} isn't running"
+ return 1
+ fi
+ checkconfig || return 1
+ ebegin "Reloading Tor configuration"
+ start-stop-daemon --signal HUP --pidfile ${PIDFILE}
+ eend $?
+}
diff --git a/net-vpn/tor/files/tor.service b/net-vpn/tor/files/tor.service
new file mode 100644
index 0000000..8fcc674
--- /dev/null
+++ b/net-vpn/tor/files/tor.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=The Onion Router
+
+[Service]
+ExecStartPre=/usr/bin/tor --verify-config -f /etc/tor/torrc
+ExecStart=/usr/bin/tor --RunAsDaemon 0 -f /etc/tor/torrc
+ExecReload=/bin/kill -HUP $MAINPID
+KillSignal=SIGINT
+TimeoutStopSec=32
+LimitNOFILE=30000
+
+# Hardening options:
+CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
+PrivateTmp = yes
+PrivateDevices = yes
+ProtectHome = yes
+ProtectSystem = full
+NoNewPrivileges = yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-vpn/tor/files/torrc-r1 b/net-vpn/tor/files/torrc-r1
new file mode 100644
index 0000000..322a794
--- /dev/null
+++ b/net-vpn/tor/files/torrc-r1
@@ -0,0 +1,7 @@
+#
+# Minimal torrc so tor will work out of the box
+#
+User tor
+PIDFile /var/run/tor/tor.pid
+Log notice syslog
+DataDirectory /var/lib/tor/data
diff --git a/net-vpn/tor/tor-scm.ebuild b/net-vpn/tor/tor-scm.ebuild
new file mode 100644
index 0000000..587ce0f
--- /dev/null
+++ b/net-vpn/tor/tor-scm.ebuild
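Review bot: reload() in tor.initd-r7 sends HUP with `start-stop-daemon --signal HUP --pidfile ${PIDFILE}` and, unlike stop() and gracefulstop(), passes no `--exec /usr/bin/tor`, so root signals whatever PID is recorded in a file under /var/run/tor, a directory that start() hands to tor:tor. Adding the same match keeps a stale or altered pidfile from redirecting the signal: `start-stop-daemon --signal HUP --pidfile "${PIDFILE}" --exec /usr/bin/tor`. The `[ ! -f ${CONFFILE} ]` and `[ ! -f ${PIDFILE} ]` tests and both `--verify-config -f ${CONFFILE}` calls also leave the variables unquoted, while start() and stop() quote them.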
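Review bot: The [Service] section of tor.service has no `User=` or `Group=`, so the daemon starts as root and the switch to an unprivileged account rests entirely on the `User tor` line in /etc/tor/torrc, which is presumably why CAP_SETUID and CAP_SETGID stay in the bounding set. A comment above the hardening block would make that dependency visible to anyone editing torrc: `# tor starts as root and switches to the account named by "User" in /etc/tor/torrc; keep that line`. The [Unit] section also declares no `After=network.target`, whereas the OpenRC script in this commit declares `need net`.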
@@ -0,0 +1,83 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic readme.gentoo systemd toolchain-funcs versionator user git-r3
+
+EGIT_REPO_URI="https://git.torproject.org/tor.git"
+
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="http://www.torproject.org/"
+SRC_URI=""
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS=""
+IUSE="libressl scrypt seccomp selinux systemd tor-hardening test web"
+
+DEPEND="
+ app-text/asciidoc
+ dev-libs/libevent[ssl]
+ sys-libs/zlib
+ !libressl? ( dev-libs/openssl:0=[-bindist] )
+ libressl? ( dev-libs/libressl:0= )
+ scrypt? ( app-crypt/libscrypt )
+ seccomp? ( sys-libs/libseccomp )
+ systemd? ( sys-apps/systemd )"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-tor )"
+
+pkg_setup() {
+ enewgroup tor
+ enewuser tor -1 -1 /var/lib/tor tor
+}
+
+src_prepare() {
+ epatch_user
+ ./autogen.sh
+}
+
+src_configure() {
+ # Upstream isn't sure of all the user provided CFLAGS that
+ # will break tor, but does recommend against -fstrict-aliasing.
+ # We'll filter-flags them here as we encounter them.
+ filter-flags -fstrict-aliasing
+
+ econf \
+ --localstatedir="${EPREFIX}/var" \
+ --enable-system-torrc \
+ --enable-asciidoc \
+ --disable-unittests \
+ $(use_enable scrypt libscrypt) \
+ $(use_enable seccomp) \
+ $(use_enable systemd) \
+ $(use_enable tor-hardening gcc-hardening) \
+ $(use_enable tor-hardening linker-hardening) \
+ $(use_enable web tor2web-mode) \
+ $(use_enable test unittests) \
+ $(use_enable test coverage)
+}
+
+src_install() {
+ default
+ readme.gentoo_create_doc
+
+ newconfd "${FILESDIR}"/tor.confd tor
+ newinitd "${FILESDIR}"/tor.initd-r7 tor
+ systemd_dounit "${FILESDIR}/${PN}.service"
+ systemd_dotmpfilesd "${FILESDIR}/${PN}.conf"
+
+ emake DESTDIR="${D}" install
+
+ keepdir /var/lib/tor
+
+ dodoc README ChangeLog ReleaseNotes
+
+ fperms 750 /var/lib/tor
+ fowners tor:tor /var/lib/tor
+
+ insinto /etc/tor/
+ newins "${FILESDIR}"/torrc-r1 torrc
+} |
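Review bot: In src_configure, `$(use_enable tor-hardening gcc-hardening)` and `$(use_enable tor-hardening linker-hardening)` expand to `--disable-…` whenever the flag is unset, and IUSE lists `tor-hardening` without a default, so a stock build switches off the compiler and linker hardening that tor's configure (as far as I know) enables by default. Making the flag default-on, `IUSE="libressl scrypt seccomp selinux systemd +tor-hardening test web"`, keeps the opt-out without the silent downgrade. Two smaller things in the same file: `--disable-unittests` is passed unconditionally and then again through `$(use_enable test unittests)`, and src_install runs `default` followed by `emake DESTDIR="${D}" install`, which looks like a second install pass. The added files/tor-0.2.3.14_alpha-torrc.sample.patch is not referenced anywhere in this ebuild.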