Index: branches/2017Q2/security/tor-devel/Makefile
===================================================================
--- branches/2017Q2/security/tor-devel/Makefile (revision 443669)
+++ branches/2017Q2/security/tor-devel/Makefile (revision 443670)
@@ -1,132 +1,125 @@ # Created by: peter.thoenen@yahoo.com # $FreeBSD$ PORTNAME= tor -DISTVERSION= 0.3.0.3-alpha +DISTVERSION= 0.3.1.3-alpha CATEGORIES= security net ipv6 MASTER_SITES= TOR PKGNAMESUFFIX= -devel MAINTAINER= yuri@rawbw.com COMMENT= Anonymizing overlay network for TCP LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE -BROKEN_mips64= Does not build: error: Need a uint128_t implementation! -BROKEN_powerpc64= Does not build -BROKEN_sparc64= Does not build: error: Need a uint128_t implementation! +BROKEN_mips64= does not build: error: Need a uint128_t implementation! +BROKEN_powerpc64= does not build: error: Need a uint128_t implementation! +BROKEN_sparc64= does not build: error: Need a uint128_t implementation! -USES= cpe gmake +USES= cpe gmake pkgconfig CPE_VENDOR= torproject -#CPE_VERSION= ${DISTVERSION:C/-.*//} -#CPE_UPDATE= ${DISTVERSION:C/.*-//} GNU_CONFIGURE= yes -CONFIGURE_ARGS= --with-openssl-dir="${OPENSSLBASE}" +CONFIGURE_ARGS= --with-openssl-dir="${OPENSSLBASE}" \ + --disable-lzma \ + --disable-zstd CONFIGURE_ENV= TOR_CPPFLAGS_libevent="-I${LOCALBASE}/include" \ TOR_LDFLAGS_libevent="-L${LOCALBASE}/lib/" \ TOR_LIBEVENT_LIBS="${TOR_LIBEVENT_LIBS}" -OPTIONS_DEFINE= MANPAGES STATIC_TOR TCMALLOC TOR2WEB TRANSPARENT +OPTIONS_DEFINE= MANPAGES DOCS STATIC_TOR TCMALLOC TOR2WEB +OPTIONS_DEFAULT=MANPAGES OPTIONS_SUB= yes STATIC_TOR_DESC= Build a static tor TCMALLOC_DESC= Use the tcmalloc memory allocation library TOR2WEB_DESC= (EXPERT OPTION) Faster but non-anonymous hidden services -TRANSPARENT_DESC= Transparent proxy support -OPTIONS_DEFAULT= MANPAGES TRANSPARENT - USE_RC_SUBR= tor SUB_FILES= pkg-message +SUB_LIST= USER="${USERS}" GROUP="${GROUPS}" +PLIST_SUB= USER="${USERS}" GROUP="${GROUPS}" GROUPS= _tor USERS= _tor CONFLICTS= tor-[0-9]* STATIC_TOR_USES= ssl:build STATIC_TOR_USES_OFF= ssl -MANPAGES_BUILD_DEPENDS= asciidoc:textproc/asciidoc -MANPAGES_CONFIGURE_OFF= --disable-asciidoc - .include +.if ${PORT_OPTIONS:MDOCS} || ${PORT_OPTIONS:MMANPAGES} 
+BUILD_DEPENDS+= asciidoc:textproc/asciidoc +.else +CONFIGURE_ARGS+= --disable-asciidoc +.endif + .if !defined(USE_GCC) && empty(CC:T:M*gcc4*) && \ empty(PORT_OPTIONS:MSTATIC_TOR) && empty(ARCH:Mia64) CONFIGURE_ARGS+= --enable-gcc-hardening .else CONFIGURE_ARGS+= --disable-gcc-hardening .endif .if ${PORT_OPTIONS:MSTATIC_TOR} BUILD_DEPENDS += ${LOCALBASE}/lib/libevent.a:devel/libevent CONFIGURE_ARGS+= --enable-static-tor \ --with-zlib-dir=/usr/lib --disable-linker-hardening TOR_LIBEVENT_LIBS= ${LOCALBASE}/lib/libevent.a .else CONFIGURE_ARGS+= --enable-linker-hardening LIB_DEPENDS+= libevent.so:devel/libevent TOR_LIBEVENT_LIBS= -levent .endif .if ${PORT_OPTIONS:MTCMALLOC} CONFIGURE_ARGS+= --with-tcmalloc .if ${PORT_OPTIONS:MSTATIC_TOR} BUILD_DEPENDS+= ${LOCALBASE}/lib/libtcmalloc.a:devel/google-perftools .else LIB_DEPENDS+= libtcmalloc.so:devel/google-perftools .endif .endif .if ${PORT_OPTIONS:MTOR2WEB} CONFIGURE_ARGS+= --enable-tor2web-mode .endif -.if ${PORT_OPTIONS:MTRANSPARENT} -CONFIGURE_ARGS+= --enable-transparent -.else -CONFIGURE_ARGS+= --disable-transparent -.endif - pre-everything:: .if ${PORT_OPTIONS:MTOR2WEB} @${ECHO_MSG} @${ECHO_MSG} "Warning: The expert option 'tor2web' is chosen." @${ECHO_MSG} " With this option tor cannot be used for regular traffic," @${ECHO_MSG} " only for non-anonymous hidden service traffic." @${ECHO_MSG} " Please make sure you understand this option." 
@${ECHO_MSG} .endif post-patch: @${REINPLACE_CMD} -E -e "s@(-z) (relro|now)@-Wl,\1,\2@g" \ ${WRKSRC}/configure @${REINPLACE_CMD} -e 's|lib/tor|db/tor|' \ ${WRKSRC}/src/config/torrc.*.in \ ${WRKSRC}/doc/tor.1.* \ ${WRKSRC}/doc/tor.html.in post-patch-STATIC_TOR-off: @${REINPLACE_CMD} -e "s@-ltcmalloc@${LOCALBASE}/lib/libtcmalloc.so@" \ ${WRKSRC}/configure post-patch-STATIC_TOR-on: @${REINPLACE_CMD} -e "s@-ltcmalloc@${LOCALBASE}/lib/libtcmalloc.a@" \ ${WRKSRC}/configure -post-configure: - @${REINPLACE_CMD} -e '\|^nodist_man1_MANS =|s|$$|$$(install_mans:=.1)|' \ - ${WRKSRC}/Makefile - post-install: - @${MKDIR} ${STAGEDIR}/var/log/tor ${STAGEDIR}/var/run/tor + @${MKDIR} ${STAGEDIR}/var/log/tor ${STAGEDIR}/var/run/tor ${STAGEDIR}/var/db/tor .if ! ${PORT_OPTIONS:MTOR2WEB} check regression-test test: build @cd ${BUILD_WRKSRC} ; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} \ ${MAKE_ARGS} check .endif .include Index: branches/2017Q2/security/tor-devel/distinfo =================================================================== --- branches/2017Q2/security/tor-devel/distinfo (revision 443669) +++ branches/2017Q2/security/tor-devel/distinfo (revision 443670) @@ -1,3 +1,3 @@ -TIMESTAMP = 1486672862 -SHA256 (tor-0.3.0.3-alpha.tar.gz) = 739adb4a7ae1eb12582a667d56f7e8348123b1e00fe9d8a6159776df6dba7a87 -SIZE (tor-0.3.0.3-alpha.tar.gz) = 5738504 +TIMESTAMP = 1496960997 +SHA256 (tor-0.3.1.3-alpha.tar.gz) = 05b0fd6b1d119d038dc0a4e00261b821e1be0b96c83fbc6251cb25d5435ed9b4 +SIZE (tor-0.3.1.3-alpha.tar.gz) = 5946205 Index: branches/2017Q2/security/tor-devel/files/pkg-message.in =================================================================== --- branches/2017Q2/security/tor-devel/files/pkg-message.in (revision 443669) +++ branches/2017Q2/security/tor-devel/files/pkg-message.in (revision 443670) 
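Review bot: The new `SUB_LIST= USER="${USERS}" GROUP="${GROUPS}"` line and the matching `PLIST_SUB` line substitute the whole USERS and GROUPS lists, which is only correct while each holds exactly one name. In this same commit those values become the `tor_user`/`tor_group` defaults in files/tor.in and the owner in the `@dir(%%USER%%,%%GROUP%%,700)` entries of pkg-plist, so a second entry added later would yield a malformed owner for the directories that hold tor's state and logs. Taking the first word, e.g. `SUB_LIST= USER="${USERS:[1]}" GROUP="${GROUPS:[1]}"` (and the same for `PLIST_SUB`), or at least a comment such as `# USER/GROUP substitutions assume a single entry in USERS and GROUPS` above the two lines, would make the assumption explicit.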
@@ -1,14 +1,22 @@ ================================================================================ To enable the tor server, set tor_enable="YES" in your /etc/rc.conf and edit %%PREFIX%%/etc/tor/torrc as desired. (However, note that the %%PREFIX%%/etc/rc.d/tor rc.subr script can override some torrc options: see that script for details.) To use the torify script, install the net/torsocks port. Tor users are strongly advised to prevent traffic analysis that exploits sequential IP IDs by setting: sysctl net.inet.ip.random_id=1 (see sysctl.conf(5)). + +In order to run additional, independent instances of tor on the same machine +set tor_instances="inst1 inst2 ..." in your /etc/rc.conf, and create the +corresponding additional configuration files %%PREFIX%%/etc/tor/torrc@inst1, ... + +Alternatively, you can use the extended instance definition to specify all +instance parameteres explicitly: +inst_name{:inst_conf:inst_user:inst_group:inst_pidfile:inst_data_dir} ================================================================================ Index: branches/2017Q2/security/tor-devel/files/tor.in =================================================================== --- branches/2017Q2/security/tor-devel/files/tor.in (revision 443669) +++ branches/2017Q2/security/tor-devel/files/tor.in (revision 443670) 
@@ -1,41 +1,119 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: tor # REQUIRE: DAEMON FILESYSTEMS # BEFORE: LOGIN # # Add the following lines to /etc/rc.conf to enable tor. # All these options will overide any settings in your local torrc as # they are command line options. # # tor_enable (bool): Set it to "YES" to enable tor. Default: NO +# tor_instances (str): List of instances. Default: "" # tor_conf (str): Points to your torrc file. # Default: %%PREFIX%%/etc/tor/torrc -# tor_user (str): Tor daemon user. Default: _tor +# tor_user (str): Tor daemon user. Default: %%USER%% +# tor_group (str): Tor group. Default: %%GROUP%% +# tor_pidfile (str): Tor pid file. Default: /var/run/tor/tor.pid # tor_datadir (str): Tor datadir. Default: /var/db/tor +# tor_disable_default_instance (str): Doesn't run the default instance. +# Only valid when tor_instances is used. +# Default: NO # +# The instance definition that tor_instances expects: +# inst_name{:inst_conf:inst_user:inst_group:inst_pidfile:inst_data_dir} +# . 
/etc/rc.subr name="tor" rcvar=tor_enable +exit_code=0 load_rc_config ${name} : ${tor_enable="NO"} +: ${tor_instances=""} : ${tor_conf="%%PREFIX%%/etc/tor/torrc"} -: ${tor_user="_tor"} +: ${tor_user="%%USER%%"} +: ${tor_group="%%GROUP%%"} : ${tor_pidfile="/var/run/tor/tor.pid"} : ${tor_datadir="/var/db/tor"} +: ${tor_disable_default_instance="NO"} +instance=${slave_instance} +if [ -n "${instance}" ]; then + inst_def=${instance} + inst_name=${inst_def%%:*} + [ "${inst_name}" != "main" ] || err 1 "${name} instance can't be named 'main'" + inst_def=${inst_def#$inst_name} + if [ -n "$inst_def" ]; then + # extended instance: parameters are set explicitly + inst_def=${inst_def#:} + tor_conf=${inst_def%%:*} + inst_def=${inst_def#$tor_conf:} + tor_user=${inst_def%%:*} + inst_def=${inst_def#$tor_user:} + tor_group=${inst_def%%:*} + inst_def=${inst_def#$tor_group:} + tor_pidfile=${inst_def%%:*} + tor_datadir=${inst_def#$tor_pidfile:} + if [ -z "${tor_conf}" -o -z "${tor_user}" -o -z "${tor_group}" -o -z "${tor_pidfile}" -o -z "${tor_datadir}" ]; then + warn "invalid tor instance ${inst_name} settings: ${instance}" + exit 1 + fi + else + # regular instance: default parameters are used + tor_conf=${tor_conf}@${inst_name} + tor_pidfile=${tor_pidfile}@${inst_name} + tor_datadir=${tor_datadir}/instance@${inst_name} + fi + if ! [ -r ${tor_conf} ]; then + warn "tor instance ${inst_name} config file ${tor_conf} doesn't exist or isn't readable" + warn "you can copy the sample config %%PREFIX%%/etc/tor/torrc.sample and modify it" + exit 1 + fi + if ! 
[ -d ${tor_datadir} ]; then + mkdir -p ${tor_datadir} && + chown ${tor_user}:${tor_group} ${tor_datadir} && + chmod 0700 ${tor_datadir} && + echo "${name}: created the instance data directory ${tor_datadir}" + fi +fi + +if [ -z "${instance}" -a -n "${tor_instances}" ]; then + inst_only="$2" + inst_done=0 + for i in ${tor_instances}; do + inst_name=${i%%:*} + if [ -z "${inst_only}" -o "${inst_name}" = "${inst_only}" ]; then + echo -n "${name} instance ${inst_name}: " + if ! slave_instance=${i} %%PREFIX%%/etc/rc.d/tor "$1"; then + exit_code=1 + fi + inst_done=$((inst_done+1)) + fi + done + if [ -z "${inst_only}" -o "${inst_only}" = "main" ]; then + checkyesno tor_disable_default_instance && return $exit_code + echo -n "${name} main instance: " + elif [ -n "${inst_only}" ]; then + [ $inst_done -gt 0 ] || err 1 "${name} instance '$inst_only' isn't defined" + return $exit_code + fi +fi + required_files=${tor_conf} required_dirs=${tor_datadir} pidfile=${tor_pidfile} command="%%PREFIX%%/bin/${name}" command_args="-f ${tor_conf} --PidFile ${tor_pidfile} --RunAsDaemon 1 --DataDirectory ${tor_datadir}" extra_commands="reload" -run_rc_command "$1" +if ! run_rc_command "$1"; then + exit_code=1 +fi +return $exit_code Index: branches/2017Q2/security/tor-devel/pkg-descr =================================================================== --- branches/2017Q2/security/tor-devel/pkg-descr (revision 443669) +++ branches/2017Q2/security/tor-devel/pkg-descr (revision 443670) 
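Review bot: The data-directory block in the instance setup (`mkdir -p ${tor_datadir} && chown ... && chmod 0700 ...`) creates the directory in three steps and ignores failure: the `&&` chain is the body of an `if` whose status nothing checks, so a failed `chown` or `chmod` leaves a root-owned directory with the umask-derived mode and the script carries on. This runs as root and the path is later passed as `--DataDirectory`, so I would create it in one step and stop on error, e.g. `install -d -o "${tor_user}" -g "${tor_group}" -m 0700 "${tor_datadir}" || err 1 "cannot create ${tor_datadir}"`. The expansions in `[ -r ${tor_conf} ]`, `[ -d ${tor_datadir} ]` and the `${inst_def#$tor_conf:}` style prefix strips are unquoted, so a value with whitespace or glob characters from the extended `tor_instances` form is split or pattern-matched; quoting them avoids that. A directory that already exists is used without any owner or mode check, which presumably relies on tor's own checks at startup.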
@@ -1,16 +1,16 @@ Tor: an anonymizing overlay network for TCP Tor is a connection-based low-latency anonymous communication system which addresses many flaws in the original onion routing design. Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and more. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features. Remember that this is development code -- DON'T RELY ON THE CURRENT TOR NETWORK FOR ANONYMITY! -WWW: http://torproject.org/ +WWW: https://www.torproject.org/ Index: branches/2017Q2/security/tor-devel/pkg-plist =================================================================== --- branches/2017Q2/security/tor-devel/pkg-plist (revision 443669) +++ branches/2017Q2/security/tor-devel/pkg-plist (revision 443670) @@ -1,17 +1,18 @@ bin/tor bin/tor-gencert bin/tor-resolve bin/torify @sample etc/tor/torrc.sample %%MANPAGES%%man/man1/tor-gencert.1.gz %%MANPAGES%%man/man1/tor-resolve.1.gz %%MANPAGES%%man/man1/tor.1.gz %%MANPAGES%%man/man1/torify.1.gz -%%MANPAGES%%%%PORTDOCS%%%%DOCSDIR%%/tor-gencert.html -%%MANPAGES%%%%PORTDOCS%%%%DOCSDIR%%/tor-resolve.html -%%MANPAGES%%%%PORTDOCS%%%%DOCSDIR%%/tor.html -%%MANPAGES%%%%PORTDOCS%%%%DOCSDIR%%/torify.html +%%PORTDOCS%%%%DOCSDIR%%/tor-gencert.html +%%PORTDOCS%%%%DOCSDIR%%/tor-resolve.html +%%PORTDOCS%%%%DOCSDIR%%/tor.html +%%PORTDOCS%%%%DOCSDIR%%/torify.html %%DATADIR%%/geoip %%DATADIR%%/geoip6 -@dir(_tor,_tor,750) /var/run/tor -@dir(_tor,_tor,750) /var/log/tor +@dir(%%USER%%,%%GROUP%%,700) /var/run/tor +@dir(%%USER%%,%%GROUP%%,700) /var/log/tor +@dir(%%USER%%,%%GROUP%%,700) /var/db/tor