Index: head/security/tor/Makefile
===================================================================
--- head/security/tor/Makefile (revision 425101)
+++ head/security/tor/Makefile (revision 425102)
@@ -1,131 +1,132 @@ # Created by: peter.thoenen@yahoo.com # $FreeBSD$ PORTNAME= tor PORTVERSION= 0.2.8.9 +PORTREVISION= 1 CATEGORIES= security net ipv6 MASTER_SITES= TOR MAINTAINER= yuri@rawbw.com COMMENT= Anonymizing overlay network for TCP LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE BROKEN_mips64= Does not build: error: Need a uint128_t implementation! BROKEN_powerpc64= Does not build BROKEN_sparc64= Does not build: error: Need a uint128_t implementation! USES= cpe gmake CPE_VENDOR= torproject GNU_CONFIGURE= yes CONFIGURE_ARGS= --with-openssl-dir="${OPENSSLBASE}" --disable-asciidoc CONFIGURE_ENV= TOR_CPPFLAGS_libevent="-I${LOCALBASE}/include" \ TOR_LDFLAGS_libevent="-L${LOCALBASE}/lib/" \ TOR_LIBEVENT_LIBS="${TOR_LIBEVENT_LIBS}" OPTIONS_DEFINE= STATIC_TOR TCMALLOC TOR2WEB TRANSPARENT STATIC_TOR_DESC= Build a static tor TCMALLOC_DESC= Use the tcmalloc memory allocation library TOR2WEB_DESC= (EXPERT OPTION) Faster but non-anonymous hidden services TRANSPARENT_DESC= Transparent proxy support OPTIONS_DEFAULT= TRANSPARENT USE_RC_SUBR= tor SUB_FILES= pkg-message SUB_LIST= USER="${USERS}" GROUP="${GROUPS}" PLIST_SUB= USER="${USERS}" GROUP="${GROUPS}" GROUPS= _tor USERS= _tor CONFLICTS= tor-devel-[0-9]* STATIC_TOR_USES= ssl:build STATIC_TOR_USES_OFF= ssl .include .if ${OSVERSION} < 1000000 WITH_OPENSSL_PORT= yes .endif .if !defined(USE_GCC) && empty(CC:T:M*gcc4*) && \ empty(PORT_OPTIONS:MSTATIC_TOR) && empty(ARCH:Mia64) CONFIGURE_ARGS+= --enable-gcc-hardening .else CONFIGURE_ARGS+= --disable-gcc-hardening .endif .if ${PORT_OPTIONS:MSTATIC_TOR} BUILD_DEPENDS += ${LOCALBASE}/lib/libevent.a:devel/libevent2 CONFIGURE_ARGS+= --enable-static-tor \ --with-zlib-dir=/usr/lib --disable-linker-hardening TOR_LIBEVENT_LIBS= ${LOCALBASE}/lib/libevent.a .else CONFIGURE_ARGS+= --enable-linker-hardening LIB_DEPENDS+= libevent.so:devel/libevent2 TOR_LIBEVENT_LIBS= -levent .endif .if ${PORT_OPTIONS:MTCMALLOC} CONFIGURE_ARGS+= --with-tcmalloc .if ${PORT_OPTIONS:MSTATIC_TOR} 
BUILD_DEPENDS+= ${LOCALBASE}/lib/libtcmalloc.a:devel/google-perftools .else LIB_DEPENDS+= libtcmalloc.so:devel/google-perftools .endif .endif .if ${PORT_OPTIONS:MTOR2WEB} CONFIGURE_ARGS+= --enable-tor2web-mode .endif .if ${PORT_OPTIONS:MTRANSPARENT} CONFIGURE_ARGS+= --enable-transparent .else CONFIGURE_ARGS+= --disable-transparent .endif pre-everything:: .if ${PORT_OPTIONS:MTOR2WEB} @${ECHO_MSG} @${ECHO_MSG} "Warning: The expert option 'tor2web' is chosen." @${ECHO_MSG} " With this option tor cannot be used for regular traffic," @${ECHO_MSG} " only for non-anonymous hidden service traffic." @${ECHO_MSG} " Please make sure you understand this option." @${ECHO_MSG} .endif post-patch: @${REINPLACE_CMD} -E -e "s@(-z) (relro|now)@-Wl,\1,\2@g" \ ${WRKSRC}/configure @${REINPLACE_CMD} -e 's|lib/tor|db/tor|' \ ${WRKSRC}/src/config/torrc.*.in \ ${WRKSRC}/doc/tor.1.* \ ${WRKSRC}/doc/tor.html.in post-patch-STATIC_TOR-off: @${REINPLACE_CMD} -e "s@-ltcmalloc@${LOCALBASE}/lib/libtcmalloc.so@" \ ${WRKSRC}/configure post-patch-STATIC_TOR-on: @${REINPLACE_CMD} -e "s@-ltcmalloc@${LOCALBASE}/lib/libtcmalloc.a@" \ ${WRKSRC}/configure post-configure: @${REINPLACE_CMD} -e '\|^nodist_man1_MANS =|s|$$|$$(install_mans:=.1)|' \ ${WRKSRC}/Makefile post-install: @${MKDIR} ${STAGEDIR}/var/log/tor ${STAGEDIR}/var/run/tor ${STAGEDIR}/var/db/tor .if ! ${PORT_OPTIONS:MTOR2WEB} check regression-test test: build @cd ${BUILD_WRKSRC} ; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} \ ${MAKE_ARGS} check .endif .include Index: head/security/tor/files/pkg-message.in =================================================================== --- head/security/tor/files/pkg-message.in (revision 425101) +++ head/security/tor/files/pkg-message.in (revision 425102) 
@@ -1,14 +1,22 @@ ================================================================================ To enable the tor server, set tor_enable="YES" in your /etc/rc.conf and edit %%PREFIX%%/etc/tor/torrc as desired. (However, note that the %%PREFIX%%/etc/rc.d/tor rc.subr script can override some torrc options: see that script for details.) To use the torify script, install the net/torsocks port. Tor users are strongly advised to prevent traffic analysis that exploits sequential IP IDs by setting: sysctl net.inet.ip.random_id=1 (see sysctl.conf(5)). + +In order to run additional, independent instances of tor on the same machine +set tor_instances="inst1 inst2 ..." in your /etc/rc.conf, and create the +corresponding additional configuration files %%PREFIX%%/etc/tor/torrc@inst1, ... + +Alternatively, you can use the extended instance definition to specify all +instance parameteres explicitly: +inst_name{:inst_conf:inst_user:inst_group:inst_pidfile:inst_data_dir} ================================================================================ Index: head/security/tor/files/tor.in =================================================================== --- head/security/tor/files/tor.in (revision 425101) +++ head/security/tor/files/tor.in (revision 425102) 
@@ -1,41 +1,99 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: tor # REQUIRE: DAEMON FILESYSTEMS # BEFORE: LOGIN # # Add the following lines to /etc/rc.conf to enable tor. # All these options will overide any settings in your local torrc as # they are command line options. # # tor_enable (bool): Set it to "YES" to enable tor. Default: NO +# tor_instances (str): List of instances. Default: "" # tor_conf (str): Points to your torrc file. # Default: %%PREFIX%%/etc/tor/torrc -# tor_user (str): Tor daemon user. Default: _tor +# tor_user (str): Tor daemon user. Default: %%USER%% +# tor_group (str): Tor group. Default: %%GROUP%% +# tor_pidfile (str): Tor pid file. Default: /var/run/tor/tor.pid # tor_datadir (str): Tor datadir. Default: /var/db/tor +# tor_disable_default_instance (str): Doesn't run the default instance. +# Only valid when tor_instances is used. +# Default: NO # +# The instance definition that tor_instances expects: +# inst_name{:inst_conf:inst_user:inst_group:inst_pidfile:inst_data_dir} +# . 
/etc/rc.subr name="tor" rcvar=tor_enable load_rc_config ${name} : ${tor_enable="NO"} +: ${tor_instances=""} : ${tor_conf="%%PREFIX%%/etc/tor/torrc"} : ${tor_user="%%USER%%"} +: ${tor_group="%%GROUP%%"} : ${tor_pidfile="/var/run/tor/tor.pid"} : ${tor_datadir="/var/db/tor"} +: ${tor_disable_default_instance="NO"} + +instance=${2} +if [ -n "${instance}" ]; then + # extended instance: parameters are set explicitly + inst_def=${instance} + inst_name=${inst_def%%:*} + inst_def=${inst_def#$inst_name} + if [ -n "$inst_def" ]; then + inst_def=${inst_def#:} + tor_conf=${inst_def%%:*} + inst_def=${inst_def#$tor_conf:} + tor_user=${inst_def%%:*} + inst_def=${inst_def#$tor_user:} + tor_group=${inst_def%%:*} + inst_def=${inst_def#$tor_group:} + tor_pidfile=${inst_def%%:*} + tor_datadir=${inst_def#$tor_pidfile:} + if [ -z "${tor_conf}" -o -z "${tor_user}" -o -z "${tor_group}" -o -z "${tor_pidfile}" -o -z "${tor_datadir}" ]; then + warn "invalid tor instance ${inst_name} settings" + exit 1 + fi + else + # regular instance: default parameters are used + tor_conf=${tor_conf}@${inst_name} + tor_pidfile=${tor_pidfile}@${inst_name} + tor_datadir=${tor_datadir}/instance@${inst_name} + fi + if ! [ -r ${tor_conf} ]; then + warn "tor instance ${inst_name} config file ${tor_conf} doesn't exist or isn't readable" + warn "you can copy the sample config %%PREFIX%%/etc/tor/torrc.sample and modify it" + exit 1 + fi + if ! 
[ -d ${tor_datadir} ]; then + mkdir -p ${tor_datadir} && + chown ${tor_user}:${tor_group} ${tor_datadir} && + chmod 0700 ${tor_datadir} && + echo "${name}: created the instance data directory ${tor_datadir}" + fi +fi + +if [ -z "${instance}" -a -n "${tor_instances}" ]; then + for i in ${tor_instances}; do + %%PREFIX%%/etc/rc.d/tor $1 ${i} || warn "$1 failed for the tor instance $i" + done + checkyesno tor_disable_default_instance && return 0 +fi required_files=${tor_conf} required_dirs=${tor_datadir} pidfile=${tor_pidfile} command="%%PREFIX%%/bin/${name}" command_args="-f ${tor_conf} --PidFile ${tor_pidfile} --RunAsDaemon 1 --DataDirectory ${tor_datadir}" extra_commands="reload" run_rc_command "$1"
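Review bot: The empty-field check in the extended-instance branch does not reject a definition with too few fields. When no `:` is left, `${inst_def#$tor_user:}` strips nothing, so every later `${inst_def%%:*}` returns the same string again; `name:conf:user` ends up with `tor_group`, `tor_pidfile` and `tor_datadir` all set to `user`, and that relative path then reaches `mkdir -p` and `chown` in a script that normally runs as root. I would check the field count before splitting and quote the expansions, including the pattern in the prefix strip, so that spaces or glob characters in an rc.conf value cannot change what is tested, created or chowned. Passing `-m 0700` to `mkdir` would also avoid the interval in which the data directory exists with the default mode before `chmod` runs.

```shell
	# … unchanged: inst_name extraction, leading ':' stripped from inst_def …
	case "${inst_def}" in
	*:*:*:*:*) ;;	# conf:user:group:pidfile:datadir
	*)
		warn "invalid tor instance ${inst_name} settings"
		exit 1
		;;
	esac
	tor_conf=${inst_def%%:*}
	inst_def=${inst_def#"${tor_conf}":}
	# … unchanged: same split for tor_user, tor_group, tor_pidfile and tor_datadir (pattern quoted as above), empty-field check, config readability check …
	if ! [ -d "${tor_datadir}" ]; then
		mkdir -p -m 0700 "${tor_datadir}" &&
		chown "${tor_user}:${tor_group}" "${tor_datadir}" &&
		echo "${name}: created the instance data directory ${tor_datadir}"
	fi
```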