commit: 5443c47ba7bbf6a875fd5e5e02ae93d1a3f20128 Author: orbea <orbea <AT> riseup <DOT> net> AuthorDate: Wed Apr 26 15:25:20 2023 +0000 Commit: orbea <orbea <AT> riseup <DOT> net> CommitDate: Wed Apr 26 15:25:32 2023 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=5443c47b
net-vpn/tor: treeclean Bug: https://bugs.gentoo.org/903001 Upstream-PR: https://github.com/gentoo/gentoo/pull/30622 Upstream-Commit: https://github.com/gentoo/gentoo/commit/93d2cce2f2111f1c219587443a1b676ce2ff561c Signed-off-by: orbea <orbea <AT> riseup.net> net-vpn/tor/Manifest | 3 - net-vpn/tor/files/README.gentoo | 8 -- net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch | 31 ----- net-vpn/tor/files/tor-0.4.6.7-libressl.patch | 123 -------------------- net-vpn/tor/files/tor.confd | 3 - net-vpn/tor/files/tor.initd-r9 | 37 ------ net-vpn/tor/files/tor.service | 38 ------- net-vpn/tor/files/torrc-r2 | 7 -- net-vpn/tor/metadata.xml | 17 --- net-vpn/tor/tor-0.4.7.13-r1.ebuild | 138 ----------------------- 10 files changed, 405 deletions(-)
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
deleted file mode 100644
index 05ebc39..0000000
--- a/net-vpn/tor/Manifest
+++ /dev/null
@@ -1,3 +0,0 @@
-DIST tor-0.4.7.13.tar.gz 8031948 BLAKE2B 338a0a541423f27f594a091307b5edeafc9826bb651c2bd050f3282c9355d9d43d1ef4791f3c98a37dc4c0f64bc40925ea1c1e32cbdff78b1a7308df501f279a SHA512 0900416887afbb24f7b72e6ef181b7b01308d1bb35c37736f3b13e06810a07febf9f47fadd9ff6c0e73204d93b49545e4e2516906eb3ba74398ad2b299f530be
-DIST tor-0.4.7.13.tar.gz.sha256sum 86 BLAKE2B 339db9869bfe485cbd328fe942cc23e60c08ad67fc2d9e7927ed3c9f3b606192e5efac34013c5bf0b0e8b26e957dcf8b586e1cc0a0c27756b8b3d823af37fdee SHA512 ec1d19fa662255df5dd575ba943f4ccb30d9dfa49ff656cdfa73df2d24248b52a3bfd715f4d3efe11d8129968b0e06e3c75e8d82416e1807020ebf65f65401a0
-DIST tor-0.4.7.13.tar.gz.sha256sum.asc 716 BLAKE2B 968a3852293ab9bcadac626862c9dc360b17de5afd00af7c46358fa2adfc03b55c02dfe029e9427efba999f553489a04388b395e8fb8fe16325e0895663c2deb SHA512 eb78e8369941d8de833e3616a9a1c1e59b0d3dde918353e2f4fa5eb5da09f038238c46f5e180844bd3cba1211a9daa6d60e9ddb5690998e27a6b7d1616aa20cc
diff --git a/net-vpn/tor/files/README.gentoo b/net-vpn/tor/files/README.gentoo
deleted file mode 100644
index 35214ac..0000000
--- a/net-vpn/tor/files/README.gentoo
+++ /dev/null
@@ -1,8 +0,0 @@
-We created a configuration file for tor, /etc/tor/torrc, but you can
-change it according to your needs. Use the torrc.sample that is in
-that directory as a guide. Also, to have privoxy work with tor
-just add the following line
-
-forward-socks4a / localhost:9050 .
-
-to /etc/privoxy/config. Notice the . at the end!
diff --git a/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch b/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
deleted file mode 100644
index 5f9e258..0000000
--- a/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-diff -Nuar tor-0.2.7.4-rc.orig/src/config/torrc.sample.in tor-0.2.7.4-rc/src/config/torrc.sample.in
---- tor-0.2.7.4-rc.orig/src/config/torrc.sample.in 2015-10-19 11:12:53.000000000 -0400
-+++ tor-0.2.7.4-rc/src/config/torrc.sample.in 2015-10-21 21:18:49.151973113 -0400
-@@ -12,6 +12,11 @@
- ## Tor will look for this file in various places based on your platform:
- ## https://www.torproject.org/docs/faq#torrc
-
-+## Default username and group the server will run as
-+User tor
-+
-+PIDFile /run/tor/tor.pid
-+
- ## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
- ## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
- ## as a relay, and not make any local application connections yourself.
-@@ -42,6 +47,7 @@
- #Log notice syslog
- ## To send all messages to stderr:
- #Log debug stderr
-+Log warn syslog
-
- ## Uncomment this to start the process in the background... or use
- ## --runasdaemon 1 on the command line. This is ignored on Windows;
-@@ -51,6 +57,7 @@
- ## The directory for keeping all the keys/etc. By default, we store
- ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
- #DataDirectory @LOCALSTATEDIR@/lib/tor
-+DataDirectory /var/lib/tor/data
-
- ## The port on which Tor will listen for local connections from Tor
- ## controller applications, as documented in control-spec.txt.
diff --git a/net-vpn/tor/files/tor-0.4.6.7-libressl.patch b/net-vpn/tor/files/tor-0.4.6.7-libressl.patch
deleted file mode 100644
index d481ae2..0000000
--- a/net-vpn/tor/files/tor-0.4.6.7-libressl.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-Fix build with opaque structs in LibreSSL 3.5
-
-Index: src/lib/tls/x509_openssl.c
---- a/src/lib/tls/x509_openssl.c.orig
-+++ b/src/lib/tls/x509_openssl.c
-@@ -329,7 +329,7 @@ tor_tls_cert_is_valid(int severity,
- cert_key = X509_get_pubkey(cert->cert);
- if (check_rsa_1024 && cert_key) {
- RSA *rsa = EVP_PKEY_get1_RSA(cert_key);
--#ifdef OPENSSL_1_1_API
-+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
- if (rsa && RSA_bits(rsa) == 1024) {
- #else
- if (rsa && BN_num_bits(rsa->n) == 1024) {
-Fix build with opaque structs in LibreSSL 3.5
-
-Index: src/lib/crypt_ops/crypto_rsa_openssl.c
---- a/src/lib/crypt_ops/crypto_rsa_openssl.c.orig
-+++ b/src/lib/crypt_ops/crypto_rsa_openssl.c
-@@ -47,7 +47,7 @@ struct crypto_pk_t
- int
- crypto_pk_key_is_private(const crypto_pk_t *k)
- {
--#ifdef OPENSSL_1_1_API
-+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
- if (!k || !k->key)
- return 0;
-
-@@ -212,7 +212,7 @@ crypto_pk_public_exponent_ok(const crypto_pk_t *env)
-
- const BIGNUM *e;
-
--#ifdef OPENSSL_1_1_API
-+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
- const BIGNUM *n, *d;
- RSA_get0_key(env->key, &n, &e, &d);
- #else
-@@ -242,7 +242,7 @@ crypto_pk_cmp_keys(const crypto_pk_t *a, const crypto_
- const BIGNUM *a_n, *a_e;
- const BIGNUM *b_n, *b_e;
-
--#ifdef OPENSSL_1_1_API
-+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
- const BIGNUM *a_d, *b_d;
- RSA_get0_key(a->key, &a_n, &a_e, &a_d);
- RSA_get0_key(b->key, &b_n, &b_e, &b_d);
-@@ -279,7 +279,7 @@ crypto_pk_num_bits(crypto_pk_t *env)
- tor_assert(env);
- tor_assert(env->key);
-
--#ifdef OPENSSL_1_1_API
-+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
- /* It's so stupid that there's no other way to check that n is valid
- * before calling RSA_bits().
- */
-@@ -572,7 +572,7 @@ static bool
- rsa_private_key_too_long(RSA *rsa, int max_bits)
- {
- const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp;
--#ifdef OPENSSL_1_1_API
-+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
-
- #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1)
- n = RSA_get0_n(rsa);
-Fix build with opaque structs in LibreSSL 3.5
-
-Index: src/lib/crypt_ops/crypto_dh_openssl.c
---- a/src/lib/crypt_ops/crypto_dh_openssl.c.orig
-+++ b/src/lib/crypt_ops/crypto_dh_openssl.c
-@@ -60,7 +60,7 @@ crypto_validate_dh_params(const BIGNUM *p, const BIGNU
- /* Copy into a temporary DH object, just so that DH_check() can be called. */
- if (!(dh = DH_new()))
- goto out;
--#ifdef OPENSSL_1_1_API
-+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
- BIGNUM *dh_p, *dh_g;
- if (!(dh_p = BN_dup(p)))
- goto out;
-@@ -223,7 +223,7 @@ new_openssl_dh_from_params(BIGNUM *p, BIGNUM *g)
- goto err;
- }
-
--#ifdef OPENSSL_1_1_API
-+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
-
- if (!DH_set0_pqg(res_dh, dh_p, NULL, dh_g)) {
- goto err;
-@@ -276,7 +276,7 @@ crypto_dh_get_bytes(crypto_dh_t *dh)
- int
- crypto_dh_generate_public(crypto_dh_t *dh)
- {
--#ifndef OPENSSL_1_1_API
-+#if !defined(OPENSSL_1_1_API) && !defined(LIBRESSL_VERSION_NUMBER)
- again:
- #endif
- if (!DH_generate_key(dh->dh)) {
-@@ -286,7 +286,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
- return -1;
- /* LCOV_EXCL_STOP */
- }
--#ifdef OPENSSL_1_1_API
-+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
- /* OpenSSL 1.1.x doesn't appear to let you regenerate a DH key, without
- * recreating the DH object. I have no idea what sort of aliasing madness
- * can occur here, so do the check, and just bail on failure.
-@@ -327,7 +327,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, si
-
- const BIGNUM *dh_pub;
-
--#ifdef OPENSSL_1_1_API
-+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
- const BIGNUM *dh_priv;
- DH_get0_key(dh->dh, &dh_pub, &dh_priv);
- #else
-@@ -338,7 +338,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, si
- if (crypto_dh_generate_public(dh)<0)
- return -1;
- else {
--#ifdef OPENSSL_1_1_API
-+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
- DH_get0_key(dh->dh, &dh_pub, &dh_priv);
- #else
- dh_pub = dh->dh->pub_key;
diff --git a/net-vpn/tor/files/tor.confd b/net-vpn/tor/files/tor.confd
deleted file mode 100644
index 4195bf3..0000000
--- a/net-vpn/tor/files/tor.confd
+++ /dev/null
@@ -1,3 +0,0 @@
-#
-# Set the file limit
-rc_ulimit="-n 30000"
diff --git a/net-vpn/tor/files/tor.initd-r9 b/net-vpn/tor/files/tor.initd-r9
deleted file mode 100644
index c1639c2..0000000
--- a/net-vpn/tor/files/tor.initd-r9
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-command=/usr/bin/tor
-pidfile=/run/tor/tor.pid
-command_args="--hush --runasdaemon 1 --pidfile \"${pidfile}\""
-retry=${GRACEFUL_TIMEOUT:-60}
-stopsig=INT
-command_progress=yes
-
-extra_commands="checkconfig"
-extra_started_commands="reload"
-description="Anonymizing overlay network for TCP"
-description_checkconfig="Check for valid config file"
-description_reload="Reload the configuration"
-
-checkconfig() {
- ${command} --verify-config --hush > /dev/null 2>&1
- if [ $? -ne 0 ] ; then
- eerror "Tor configuration (/etc/tor/torrc) is not valid."
- eerror "Example is in /etc/tor/torrc.sample"
- return 1
- fi
-}
-
-start_pre() {
- checkconfig || return 1
- checkpath -d -m 0755 -o tor:tor /run/tor
-}
-
-reload() {
- checkconfig || return 1
- ebegin "Reloading Tor configuration"
- start-stop-daemon -s HUP --pidfile ${pidfile}
- eend $?
-}
diff --git a/net-vpn/tor/files/tor.service b/net-vpn/tor/files/tor.service
deleted file mode 100644
index 1663824..0000000
--- a/net-vpn/tor/files/tor.service
+++ /dev/null
@@ -1,38 +0,0 @@
-# tor.service -- this systemd configuration file for Tor sets up a
-# relatively conservative, hardened Tor service. You may need to
-# edit it if you are making changes to your Tor configuration that it
-# does not allow. Package maintainers: this should be a starting point
-# for your tor.service; it is not the last point.
-
-[Unit]
-Description=Anonymizing overlay network for TCP
-After=syslog.target network.target nss-lookup.target
-
-[Service]
-Type=notify
-NotifyAccess=all
-ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
-ExecStart=/usr/bin/tor -f /etc/tor/torrc
-ExecReload=/bin/kill -HUP ${MAINPID}
-KillSignal=SIGINT
-TimeoutSec=60
-Restart=on-failure
-WatchdogSec=1m
-LimitNOFILE=32768
-
-# Hardening
-Group=tor
-RuntimeDirectory=tor
-RuntimeDirectoryMode=0770
-PrivateTmp=yes
-PrivateDevices=yes
-ProtectHome=yes
-ProtectSystem=full
-ReadOnlyDirectories=/
-ReadWriteDirectories=-/var/lib/tor
-ReadWriteDirectories=-/var/log/tor
-NoNewPrivileges=yes
-CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-vpn/tor/files/torrc-r2 b/net-vpn/tor/files/torrc-r2
deleted file mode 100644
index b308104..0000000
--- a/net-vpn/tor/files/torrc-r2
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# Minimal torrc so tor will work out of the box
-#
-User tor
-PIDFile /run/tor/tor.pid
-Log notice syslog
-DataDirectory /var/lib/tor/data
diff --git a/net-vpn/tor/metadata.xml b/net-vpn/tor/metadata.xml
deleted file mode 100644
index fcc4644..0000000
--- a/net-vpn/tor/metadata.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <maintainer type="person">
- <email>a...@gentoo.org</email>
- <name>John Helmert III</name>
- </maintainer>
- <maintainer type="person">
- <email>s...@gentoo.org</email>
- <name>Sam James</name>
- </maintainer>
- <use>
- <flag name="scrypt">Use <pkg>app-crypt/libscrypt</pkg> for the scrypt algorithm</flag>
- <flag name="server">Enable tor's relay module so it can operate as a relay/bridge/authority</flag>
- <flag name="tor-hardening">Compile tor with hardening on vanilla compilers/linkers</flag>
- </use>
-</pkgmetadata>
diff --git a/net-vpn/tor/tor-0.4.7.13-r1.ebuild b/net-vpn/tor/tor-0.4.7.13-r1.ebuild
deleted file mode 100644
index f9b6f8e..0000000
--- a/net-vpn/tor/tor-0.4.7.13-r1.ebuild
+++ /dev/null
@@ -1,138 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/torproject.org.asc
-inherit python-any-r1 readme.gentoo-r1 systemd verify-sig
-
-MY_PV="$(ver_rs 4 -)"
-MY_PF="${PN}-${MY_PV}"
-DESCRIPTION="Anonymizing overlay network for TCP"
-HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/"
-SRC_URI="
- https://www.torproject.org/dist/${MY_PF}.tar.gz
- https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
- verify-sig? (
- https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
- https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
- )
-"
-S="${WORKDIR}/${MY_PF}"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
- KEYWORDS="amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~ppc-macos"
-fi
-IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
-RESTRICT="!test? ( test )"
-
-DEPEND="
- >=dev-libs/libevent-2.1.12-r1:=[ssl]
- sys-libs/zlib
- caps? ( sys-libs/libcap )
- man? ( app-text/asciidoc )
- dev-libs/openssl:=[-bindist(-)]
- lzma? ( app-arch/xz-utils )
- scrypt? ( app-crypt/libscrypt )
- seccomp? ( >=sys-libs/libseccomp-2.4.1 )
- systemd? ( sys-apps/systemd )
- zstd? ( app-arch/zstd )
-"
-RDEPEND="
- acct-user/tor
- acct-group/tor
- ${DEPEND}
- selinux? ( sec-policy/selinux-tor )
-"
-DEPEND+="
- test? (
- ${DEPEND}
- ${PYTHON_DEPS}
- )
-"
-BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20221213 )"
-
-DOCS=()
-
-PATCHES=(
- "${FILESDIR}"/${PN}-0.4.6.7-libressl.patch
- "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
-)
-
-pkg_setup() {
- use test && python-any-r1_pkg_setup
-}
-
-src_unpack() {
- if use verify-sig; then
- cd "${DISTDIR}" || die
- verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
- verify-sig_verify_unsigned_checksums \
- ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
- cd "${WORKDIR}" || die
- fi
-
- default
-}
-
-src_prepare() {
- default
-
- # Running shellcheck automagically isn't useful for ebuild testing.
- echo "exit 0" > scripts/maint/checkShellScripts.sh || die
-}
-
-src_configure() {
- use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
-
- export ac_cv_lib_cap_cap_init=$(usex caps)
- export tor_cv_PYTHON="${EPYTHON}"
-
- local myeconfargs=(
- --localstatedir="${EPREFIX}/var"
- --disable-all-bugs-are-fatal
- --enable-system-torrc
- --disable-android
- --disable-coverage
- --disable-html-manual
- --disable-libfuzzer
- --enable-missing-doc-warnings
- --disable-module-dirauth
- --enable-pic
- --disable-restart-debugging
- --disable-zstd-advanced-apis
- $(use_enable man asciidoc)
- $(use_enable man manpage)
- $(use_enable lzma)
- $(use_enable scrypt libscrypt)
- $(use_enable seccomp)
- $(use_enable server module-relay)
- $(use_enable systemd)
- $(use_enable tor-hardening gcc-hardening)
- $(use_enable tor-hardening linker-hardening)
- $(use_enable test unittests)
- $(use_enable zstd)
- )
-
- econf "${myeconfargs[@]}"
-}
-
-src_install() {
- default
- readme.gentoo_create_doc
-
- newconfd "${FILESDIR}"/tor.confd tor
- newinitd "${FILESDIR}"/tor.initd-r9 tor
- systemd_dounit "${FILESDIR}"/tor.service
-
- keepdir /var/lib/tor
-
- fperms 750 /var/lib/tor
- fowners tor:tor /var/lib/tor
-
- insinto /etc/tor/
- newins "${FILESDIR}"/torrc-r2 torrc
-}