From 613b4e2848febac358e6cf3d64776afb0c8af69b Mon Sep 17 00:00:00 2001
From: Damien Goutte-Gattat
Date: Sun, 15 Dec 2019 20:44:36 +0000
Subject: [PATCH] n/tor: Added tor-0.4.2.5.
---
n/tor/doinst.sh | 24 +++
n/tor/rc.tor | 39 +++++
n/tor/slack-desc | 12 ++
n/tor/tor-0.4.2.5.tar.gz.sha256 | 1 +
n/tor/tor.SlackBuild | 135 +++++++++++++++++
n/tor/tor.logrotate | 14 ++
n/tor/torrc | 254 ++++++++++++++++++++++++++++++++
7 files changed, 479 insertions(+)
create mode 100644 n/tor/doinst.sh
create mode 100644 n/tor/rc.tor
create mode 100644 n/tor/slack-desc
create mode 100644 n/tor/tor-0.4.2.5.tar.gz.sha256
create mode 100755 n/tor/tor.SlackBuild
create mode 100644 n/tor/tor.logrotate
create mode 100644 n/tor/torrc
diff --git a/n/tor/doinst.sh b/n/tor/doinst.sh
new file mode 100644
index 00000000..6d1269d1
--- /dev/null
+++ b/n/tor/doinst.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+config()
+{
+ NEW="$1"
+ OLD="`dirname $NEW`/`basename $NEW .new`"
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then
+ rm $NEW
+ fi
+}
+
+config etc/tor/torrc.new
+
+if ! grep ^tor: /etc/group > /dev/null ; then
+ /usr/sbin/groupadd -g 281 tor
+fi
+
+if ! grep ^tor: /etc/passwd > /dev/null ; then
+ /usr/sbin/useradd -u 281 -c Tor -d /var/lib/tor -g tor tor
+fi
+
+chown tor:tor var/{lib,log,run}/tor
+chmod 0700 var/lib/tor
diff --git a/n/tor/rc.tor b/n/tor/rc.tor
new file mode 100644
index 00000000..6c77efeb
--- /dev/null
+++ b/n/tor/rc.tor
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+PIDFILE=/var/run/tor/tor.pid
+
+case "$1" in
+start)
+ /usr/bin/tor
+ ;;
+
+stop)
+ if [ -f $PIDFILE ]; then
+ kill -15 $(< $PIDFILE)
+ fi
+ ;;
+
+reload)
+ if [ -f $PIDFILE ]; then
+ kill -1 $(< $PIDFILE)
+ fi
+ ;;
+
+status)
+ if [ -f $PIDFILE ] && kill -0 $(< $PIDFILE) ; then
+ echo "Tor is running."
+ else
+ echo "Tor is not running."
+ fi
+ ;;
+
+restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+
+*)
+ echo "Usage: $0 {start|stop|restart|reload|status}"
+ ;;
+esac
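Review bot: In doinst.sh the `useradd` call gives the tor service account no explicit shell, so it inherits whatever default the host's useradd configuration assigns, which may be an interactive one. A daemon-only account is normally created with a non-login shell, e.g. `/usr/sbin/useradd -u 281 -c Tor -d /var/lib/tor -g tor -s /bin/false tor`. Separately, `chown tor:tor var/{lib,log,run}/tor` relies on brace expansion under `#!/bin/sh` and the expansions in `config()` are unquoted, so the script only behaves as intended while sh is bash and the paths contain no whitespace.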
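Review bot: rc.tor's `stop`, `reload` and `status` arms hand the contents of `$PIDFILE` to `kill` without checking them, and that file lives in /var/run/tor, which doinst.sh gives to the tor user. The script is presumably run as root, so a stale file (PID reuse) or a value written by the unprivileged account would make root signal an unrelated process, and an empty file makes `kill` run with no PID at all. Read the value once, require it to be numeric, and confirm it names a tor process before signalling, e.g. `pid=$(< "$PIDFILE")` followed by `[ "$(ps -o comm= -p "$pid")" = tor ] && kill -15 "$pid"`.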
diff --git a/n/tor/slack-desc b/n/tor/slack-desc
new file mode 100644
index 00000000..c9249ae9
--- /dev/null
+++ b/n/tor/slack-desc
@@ -0,0 +1,12 @@
+ |-----handy-ruler-----------------------------------------------------|
+tor: tor (The Onion Router)
+tor:
+tor: Tor protects your privacy on the Internet by hiding the connection
+tor: between your Internet address and the services you use.
+tor:
+tor:
+tor:
+tor:
+tor:
+tor:
+tor:
diff --git a/n/tor/tor-0.4.2.5.tar.gz.sha256 b/n/tor/tor-0.4.2.5.tar.gz.sha256
new file mode 100644
index 00000000..d9774590
--- /dev/null
+++ b/n/tor/tor-0.4.2.5.tar.gz.sha256
@@ -0,0 +1 @@
+4d5975862e7808faebe9960def6235669fafeeac844cb76965501fa7af79d8c2 tor-0.4.2.5.tar.gz
diff --git a/n/tor/tor.SlackBuild b/n/tor/tor.SlackBuild
new file mode 100755
index 00000000..a061ca1f
--- /dev/null
+++ b/n/tor/tor.SlackBuild
@@ -0,0 +1,135 @@
+#!/bin/bash
+# Build script for Slackware
+# Copyright (C) 2019 Damien Goutte-Gattat
+#
+# Redistribution and use of this script, with or without modifications,
+# is permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+# Contact: Damien Goutte-Gattat
+#
+# Latest tor sourcecode is available at: .
+
+# Source package infos
+NAMESRC=${NAMESRC:-tor}
+VERSION=${VERSION:-0.4.2.5}
+ARCHIVE=${ARCHIVE:-$NAMESRC-$VERSION.tar.gz}
+WGET=${WGET:-https://dist.torproject.org/$ARCHIVE}
+
+# Build infos
+NAMEPKG=${NAMEPKG:-tor}
+BUILD=${BUILD:-1GGD}
+ARCH=${ARCH:-$(uname -m | sed 's/^i.86$/i486/;s/^arm.*/arm/')}
+JOBS=${JOBS:-1}
+EXT=${EXT:-txz}
+
+# Directories
+TMP=${TMP:-/tmp}
+OUT=${OUT:-$TMP/build}
+PKG=${PKG:-$OUT/$NAMEPKG}
+CWD=$(pwd)
+
+set -e # Quit if a command returns non-zero
+
+# Sanity checks
+if [ $UID -eq 0 ]; then
+ echo "You should NOT run this script as ROOT!"
+ exit 1
+fi
+if [ ! -d $TMP ]; then
+ echo "$TMP does not exists or is not a directory!"
+ exit 1
+fi
+
+# Compilation flags
+case "$ARCH" in
+i?86)
+ CPUOPT="-O2 -march=$ARCH -mtune=i686"
+ ;;
+x86_64)
+ CPUOPT="-O2 -fPIC"
+ ;;
+*)
+ CPUOPT="-O2"
+ ;;
+esac
+
+# Get and verify the source archive
+if [ ! -r $ARCHIVE ]; then
+ wget -c -O $ARCHIVE.part "$WGET"
+ mv $ARCHIVE.part $ARCHIVE
+fi
+sha256sum -c $ARCHIVE.sha256
+NAME=$(tar ft $ARCHIVE | head -n 1 | cut -d / -f 1)
+
+# Compile
+cd $TMP
+echo "Building $ARCHIVE..."
+tar xf $CWD/$ARCHIVE
+cd $NAME
+CFLAGS=$CPUOPT \
+CXXFLAGS=$CPUOPT \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib$LIBDIRSUFFIX \
+ --sysconfdir=/etc \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/$NAME \
+ --localstatedir=/var \
+ --with-tor-user=tor \
+ --with-tor-group=tor \
+ --disable-dependency-tracking \
+ --build=$ARCH-slackware-linux
+make -j $JOBS
+make install-strip DESTDIR=$PKG
+
+# Compress man pages
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+
+# Install the documentation
+install -m 644 CONTRIBUTING ChangeLog LICENSE README ReleaseNotes $PKG/usr/doc/$NAME
+
+# Install RC script
+install -D -m 644 $CWD/rc.tor $PKG/etc/rc.d/rc.tor
+
+# Install custom config file
+install -m 644 $CWD/torrc $PKG/etc/tor/torrc.new
+
+# Install logrotate config
+install -D -m 644 $CWD/tor.logrotate $PKG/etc/logrotate.d/tor
+
+# Create runtime directories
+mkdir -p $PKG/var/{lib,log,run}/tor
+
+# Copy slack-desc and doinst.sh files
+install -D -m 644 $CWD/slack-desc $PKG/install/slack-desc
+install -m 755 $CWD/doinst.sh $PKG/install/doinst.sh
+
+# Package the tree
+cd $PKG
+mkdir -p $OUT
+PACKAGING="
+chown root:root . -R
+/sbin/makepkg -l y -c n $OUT/$NAMEPKG-$VERSION-$ARCH-$BUILD.$EXT
+rm -rf $PKG
+rm -rf $TMP/$NAME
+"
+if type -p fakeroot ; then
+ echo "$PACKAGING" | fakeroot
+else
+ su -c "$PACKAGING"
+fi
diff --git a/n/tor/tor.logrotate b/n/tor/tor.logrotate
new file mode 100644
index 00000000..8331435c
--- /dev/null
+++ b/n/tor/tor.logrotate
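Review bot: tor.SlackBuild extracts and stages under fixed names in a shared directory (`$TMP/$NAME` and `$TMP/build/tor`, with `TMP` defaulting to /tmp), and the final `PACKAGING` string then runs `chown root:root . -R` and two `rm -rf` commands through `su -c` when fakeroot is absent. On a multi-user host another account could create those paths first, so root-level commands would act on a tree the builder does not control. Creating a private work directory, e.g. `WORK=$(mktemp -d "$TMP/tor-build.XXXXXX")`, and deriving the extraction and `PKG` paths from it removes that dependency on predictable names. `NAME` can also come out empty without stopping the script, because `set -e` does not see a `tar` failure inside the `tar ft | head | cut` pipeline; a `${NAME:?}` guard before the `cd` and the `rm -rf $TMP/$NAME` line would keep the delete from widening to `$TMP` itself.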
@@ -0,0 +1,14 @@
+/var/log/tor/*log {
+ su tor tor
+ daily
+ rotate 5
+ compress
+ delaycompress
+ missingok
+ notifempty
+ create 0644 tor tor
+ sharedscripts
+ postrotate
+ /etc/rc.d/rc.tor reload > /dev/null
+ endscript
+}
diff --git a/n/tor/torrc b/n/tor/torrc
new file mode 100644
index 00000000..86b4edf3
--- /dev/null
+++ b/n/tor/torrc
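Review bot: `create 0644 tor tor` in tor.logrotate makes every freshly created log world-readable, while the packaged torrc itself warns that logs may give sensitive information to whoever obtains them. `create 0640 tor tor` keeps them to the tor account and group, and since doinst.sh only restricts var/lib/tor, a matching `chmod 0750 var/log/tor` there would close the directory as well. The `postrotate` line also executes /etc/rc.d/rc.tor directly although tor.SlackBuild installs that script with mode 644, so the reload would likely fail until an administrator sets the execute bit; `/bin/bash /etc/rc.d/rc.tor reload > /dev/null` does not depend on it.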
@@ -0,0 +1,254 @@
+## Configuration file for a typical Tor user
+## Last updated 28 February 2019 for Tor 0.3.5.1-alpha.
+## (may or may not work for much older or much newer versions of Tor.)
+##
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+##
+## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
+## for more options you can use in this file.
+##
+## Tor will look for this file in various places based on your platform:
+## https://www.torproject.org/docs/faq#torrc
+
+## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
+## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
+## as a relay, and not make any local application connections yourself.
+#SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections.
+#SOCKSPort 192.168.0.1:9100 # Bind to this address:port too.
+
+## Entry policies to allow/deny SOCKS requests based on IP address.
+## First entry that matches wins. If no SOCKSPolicy is set, we accept
+## all (and only) requests that reach a SOCKSPort. Untrusted users who
+## can access your SOCKSPort may be able to learn about the connections
+## you make.
+#SOCKSPolicy accept 192.168.0.0/16
+#SOCKSPolicy accept6 FC00::/7
+#SOCKSPolicy reject *
+
+## Logs go to stdout at level "notice" unless redirected by something
+## else, like one of the below lines. You can have as many Log lines as
+## you want.
+##
+## We advise using "notice" in most cases, since anything more verbose
+## may provide sensitive information to an attacker who obtains the logs.
+##
+## Send all messages of level 'notice' or higher to /usr/var/log/tor/notices.log
+Log notice file /var/log/tor/notices.log
+## Send every possible message to /usr/var/log/tor/debug.log
+#Log debug file /usr/var/log/tor/debug.log
+## Use the system log instead of Tor's logfiles
+#Log notice syslog
+## To send all messages to stderr:
+#Log debug stderr
+
+## Uncomment this to start the process in the background... or use
+## --runasdaemon 1 on the command line. This is ignored on Windows;
+## see the FAQ entry if you want Tor to run as an NT service.
+RunAsDaemon 1
+User tor
+PidFile /var/run/tor/tor.pid
+
+## The directory for keeping all the keys/etc. By default, we store
+## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+DataDirectory /var/lib/tor
+
+## The port on which Tor will listen for local connections from Tor
+## controller applications, as documented in control-spec.txt.
+#ControlPort 9051
+## If you enable the controlport, be sure to enable one of these
+## authentication methods, to prevent attackers from accessing it.
+#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
+#CookieAuthentication 1
+
+############### This section is just for location-hidden services ###
+
+## Once you have configured a hidden service, you can look at the
+## contents of the file ".../hidden_service/hostname" for the address
+## to tell people.
+##
+## HiddenServicePort x y:z says to redirect requests on port x to the
+## address y:z.
+
+#HiddenServiceDir /usr/var/lib/tor/hidden_service/
+#HiddenServicePort 80 127.0.0.1:80
+
+#HiddenServiceDir /usr/var/lib/tor/other_hidden_service/
+#HiddenServicePort 80 127.0.0.1:80
+#HiddenServicePort 22 127.0.0.1:22
+
+################ This section is just for relays #####################
+#
+## See https://www.torproject.org/docs/tor-doc-relay for details.
+
+## Required: what port to advertise for incoming Tor connections.
+#ORPort 9001
+## If you want to listen on a port other than the one advertised in
+## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
+## follows. You'll need to do ipchains or other port forwarding
+## yourself to make this work.
+#ORPort 443 NoListen
+#ORPort 127.0.0.1:9090 NoAdvertise
+## If you want to listen on IPv6 your numeric address must be explictly
+## between square brackets as follows. You must also listen on IPv4.
+#ORPort [2001:DB8::1]:9050
+
+## The IP address or full DNS name for incoming connections to your
+## relay. Leave commented out and Tor will guess.
+#Address noname.example.com
+
+## If you have multiple network interfaces, you can specify one for
+## outgoing traffic to use.
+## OutboundBindAddressExit will be used for all exit traffic, while
+## OutboundBindAddressOR will be used for all OR and Dir connections
+## (DNS connections ignore OutboundBindAddress).
+## If you do not wish to differentiate, use OutboundBindAddress to
+## specify the same address for both in a single line.
+#OutboundBindAddressExit 10.0.0.4
+#OutboundBindAddressOR 10.0.0.5
+
+## A handle for your relay, so people don't have to refer to it by key.
+## Nicknames must be between 1 and 19 characters inclusive, and must
+## contain only the characters [a-zA-Z0-9].
+## If not set, "Unnamed" will be used.
+#Nickname ididnteditheconfig
+
+## Define these to limit how much relayed traffic you will allow. Your
+## own traffic is still unthrottled. Note that RelayBandwidthRate must
+## be at least 75 kilobytes per second.
+## Note that units for these config options are bytes (per second), not
+## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,
+## 2^20, etc.
+#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps)
+#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)
+
+## Use these to restrict the maximum traffic per day, week, or month.
+## Note that this threshold applies separately to sent and received bytes,
+## not to their sum: setting "40 GB" may allow up to 80 GB total before
+## hibernating.
+##
+## Set a maximum of 40 gigabytes each way per period.
+#AccountingMax 40 GBytes
+## Each period starts daily at midnight (AccountingMax is per day)
+#AccountingStart day 00:00
+## Each period starts on the 3rd of the month at 15:00 (AccountingMax
+## is per month)
+#AccountingStart month 3 15:00
+
+## Administrative contact information for this relay or bridge. This line
+## can be used to contact you if your relay or bridge is misconfigured or
+## something else goes wrong. Note that we archive and publish all
+## descriptors containing these lines and that Google indexes them, so
+## spammers might also collect them. You may want to obscure the fact that
+## it's an email address and/or generate a new address for this purpose.
+##
+## If you are running multiple relays, you MUST set this option.
+##
+#ContactInfo Random Person
+## You might also include your PGP or GPG fingerprint if you have one:
+#ContactInfo 0xFFFFFFFF Random Person
+
+## Uncomment this to mirror directory information for others. Please do
+## if you have enough bandwidth.
+#DirPort 9030 # what port to advertise for directory connections
+## If you want to listen on a port other than the one advertised in
+## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
+## follows. below too. You'll need to do ipchains or other port
+## forwarding yourself to make this work.
+#DirPort 80 NoListen
+#DirPort 127.0.0.1:9091 NoAdvertise
+## Uncomment to return an arbitrary blob of html on your DirPort. Now you
+## can explain what Tor is if anybody wonders why your IP address is
+## contacting them. See contrib/tor-exit-notice.html in Tor's source
+## distribution for a sample.
+#DirPortFrontPage /etc/tor/tor-exit-notice.html
+
+## Uncomment this if you run more than one Tor relay, and add the identity
+## key fingerprint of each Tor relay you control, even if they're on
+## different networks. You declare it here so Tor clients can avoid
+## using more than one of your relays in a single circuit. See
+## https://www.torproject.org/docs/faq#MultipleRelays
+## However, you should never include a bridge's fingerprint here, as it would
+## break its concealability and potentially reveal its IP/TCP address.
+##
+## If you are running multiple relays, you MUST set this option.
+##
+## Note: do not use MyFamily on bridge relays.
+#MyFamily $keyid,$keyid,...
+
+## Uncomment this if you want your relay to be an exit, with the default
+## exit policy (or whatever exit policy you set below).
+## (If ReducedExitPolicy, ExitPolicy, or IPv6Exit are set, relays are exits.
+## If none of these options are set, relays are non-exits.)
+#ExitRelay 1
+
+## Uncomment this if you want your relay to allow IPv6 exit traffic.
+## (Relays do not allow any exit traffic by default.)
+#IPv6Exit 1
+
+## Uncomment this if you want your relay to be an exit, with a reduced set
+## of exit ports.
+#ReducedExitPolicy 1
+
+## Uncomment these lines if you want your relay to be an exit, with the
+## specified set of exit IPs and ports.
+##
+## A comma-separated list of exit policies. They're considered first
+## to last, and the first match wins.
+##
+## If you want to allow the same ports on IPv4 and IPv6, write your rules
+## using accept/reject *. If you want to allow different ports on IPv4 and
+## IPv6, write your IPv6 rules using accept6/reject6 *6, and your IPv4 rules
+## using accept/reject *4.
+##
+## If you want to _replace_ the default exit policy, end this with either a
+## reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to)
+## the default exit policy. Leave commented to just use the default, which is
+## described in the man page or at
+## https://www.torproject.org/documentation.html
+##
+## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
+## for issues you might encounter if you use the default exit policy.
+##
+## If certain IPs and ports are blocked externally, e.g. by your firewall,
+## you should update your exit policy to reflect this -- otherwise Tor
+## users will be told that those destinations are down.
+##
+## For security, by default Tor rejects connections to private (local)
+## networks, including to the configured primary public IPv4 and IPv6 addresses,
+## and any public IPv4 and IPv6 addresses on any interface on the relay.
+## See the man page entry for ExitPolicyRejectPrivate if you want to allow
+## "exit enclaving".
+##
+#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports on IPv4 and IPv6 but no more
+#ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well as default exit policy
+#ExitPolicy accept *4:119 # accept nntp ports on IPv4 only as well as default exit policy
+#ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as default exit policy
+#ExitPolicy reject *:* # no exits allowed
+
+## Bridge relays (or "bridges") are Tor relays that aren't listed in the
+## main directory. Since there is no complete public list of them, even an
+## ISP that filters connections to all the known Tor relays probably
+## won't be able to block all the bridges. Also, websites won't treat you
+## differently because they won't know you're running Tor. If you can
+## be a real relay, please do; but if not, be a bridge!
+##
+## Warning: when running your Tor as a bridge, make sure than MyFamily is
+## NOT configured.
+#BridgeRelay 1
+## By default, Tor will advertise your bridge to users through various
+## mechanisms like https://bridges.torproject.org/. If you want to run
+## a private bridge, for example because you'll give out your bridge
+## address manually to your friends, uncomment this line:
+#PublishServerDescriptor 0
+
+## Configuration options can be imported from files or folders using the %include
+## option with the value being a path. If the path is a file, the options from the
+## file will be parsed as if they were written where the %include option is. If
+## the path is a folder, all files on that folder will be parsed following lexical
+## order. Files starting with a dot are ignored. Files on subfolders are ignored.
+## The %include option can be used recursively.
+#%include /etc/torrc.d/
+#%include /etc/torrc.custom
+
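Review bot: Several comments and commented-out examples in torrc still carry a `/usr/var` prefix (`/usr/var/log/tor/notices.log`, `#Log debug file /usr/var/log/tor/debug.log`, `#HiddenServiceDir /usr/var/lib/tor/hidden_service/`), while the active directives and the build's `--localstatedir=/var` use `/var`. Someone uncommenting a HiddenServiceDir line as written would point the service keys at a directory outside the `var/lib/tor` tree that doinst.sh gives tor ownership and mode 0700. Changing those examples to `/var/log/tor/...` and `/var/lib/tor/...` keeps them consistent with the package layout. The `#HashedControlPassword` value looks like the upstream sample hash, so a comment next to it such as `## Replace with the output of "tor --hash-password"` would keep it from being enabled as-is.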