summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordavidovski <david@davidovski.xyz>2022-05-07 13:50:28 +0100
committerdavidovski <david@davidovski.xyz>2022-05-07 13:50:28 +0100
commit213021de0aaf5439db7d58ca1447db4ae6af92be (patch)
treea2adcfe44a186f9a61b92c5ca80d38b6f4017fa0
parentfd7adb2f3a9d9d239c90742366aec369966a3a03 (diff)
added tor and xss-lock
-rw-r--r--build.log42
-rw-r--r--repo/devel/libunwind/libcxx-musl.patch28
-rw-r--r--repo/devel/libunwind/libunwind-link-libssp.patch20
-rw-r--r--repo/devel/libunwind/libunwind.xibuild48
-rw-r--r--repo/devel/libunwind/toolchain-libunwind.xibuild0
-rw-r--r--repo/linux/linux-headers/toolchain-linux-headers.xibuild0
-rw-r--r--repo/system/libcxx/toolchain-libcxx.xibuild0
-rw-r--r--repo/system/musl/toolchain-musl.xibuild15
-rw-r--r--repo/util/pdfgrep/pdfgrep.xibuild23
-rw-r--r--repo/util/tor/0002-disable-wildcard-escaping-test_patch25
-rw-r--r--repo/util/tor/0003-disable-sandbox_chown_filename-test_patch36
-rw-r--r--repo/util/tor/0004-disable-more-sandbox-tests_patch120
-rw-r--r--repo/util/tor/tor.confd13
-rw-r--r--repo/util/tor/tor.initd92
-rw-r--r--repo/util/tor/tor.xibuild44
-rw-r--r--repo/util/tor/torrc.sample.patch27
-rw-r--r--repo/x11/xss-lock/xss-lock.xibuild23
17 files changed, 556 insertions, 0 deletions
diff --git a/build.log b/build.log
new file mode 100644
index 0000000..0fe44e5
--- /dev/null
+++ b/build.log
@@ -0,0 +1,42 @@
+
+Cloning into '.'...
+Your branch is up to date with 'origin/master'.
+to install to /var/lib/xibuild/build/xipkg/xss-lock
+============xss-lock=============
+==========================build stage==========================
+-- The C compiler identification is GNU 11.2.0
+-- Detecting C compiler ABI info
+-- Detecting C compiler ABI info - done
+-- Check for working C compiler: /bin/cc - skipped
+-- Detecting C compile features
+-- Detecting C compile features - done
+-- Found PkgConfig: /bin/pkg-config (found version "0.29.2")
+-- Checking for modules 'glib-2.0>=2.32;gio-unix-2.0'
+-- Found glib-2.0, version 2.72.1
+-- Found gio-unix-2.0, version 2.72.1
+-- Checking for modules 'xcb;xcb-aux;xcb-event;xcb-screensaver'
+-- Found xcb, version 1.14
+-- Found xcb-aux, version 0.4.0
+-- Found xcb-event, version 0.4.0
+-- Found xcb-screensaver, version 1.14
+-- Configuring done
+-- Generating done
+-- Build files have been written to: /var/lib/xibuild/build/build
+[ 25%] Generating xss-lock.1
+[ 50%] Building C object src/CMakeFiles/xss-lock.dir/xcb_utils.c.o
+[ 75%] Building C object src/CMakeFiles/xss-lock.dir/xss-lock.c.o
+[ 75%] Built target man
+[100%] Linking C executable xss-lock
+[100%] Built target xss-lock
+==========================package stage==========================
+-- Install configuration: ""
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/doc/xss-lock/NEWS
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/bin/xss-lock
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/man/man1/xss-lock.1
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/doc/xss-lock/dim-screen.sh
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/doc/xss-lock/xdg-screensaver.patch
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/doc/xss-lock/transfer-sleep-lock-i3lock.sh
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/doc/xss-lock/transfer-sleep-lock-generic-delay.sh
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/zsh/site-functions/_xss-lock
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/bash-completion/completions/xss-lock
+checking for postinstall... no postinstall
diff --git a/repo/devel/libunwind/libcxx-musl.patch b/repo/devel/libunwind/libcxx-musl.patch
new file mode 100644
index 0000000..358d4a3
--- /dev/null
+++ b/repo/devel/libunwind/libcxx-musl.patch
@@ -0,0 +1,28 @@
+Patch-Source: https://github.com/void-linux/void-packages/blob/74f16232621ca8dfb6d244beff1df35a6df1647f/srcpkgs/llvm12/patches/libcxx-musl.patch
+
+--- a/libcxx/include/locale
++++ b/libcxx/include/locale
+@@ -742,7 +742,11 @@ __num_get_signed_integral(const char* __a, const char* __a_end,
+ typename remove_reference<decltype(errno)>::type __save_errno = errno;
+ errno = 0;
+ char *__p2;
++#if defined(__linux__) && !defined(__GLIBC__)
++ long long __ll = strtoll(__a, &__p2, __base);
++#else
+ long long __ll = strtoll_l(__a, &__p2, __base, _LIBCPP_GET_C_LOCALE);
++#endif
+ typename remove_reference<decltype(errno)>::type __current_errno = errno;
+ if (__current_errno == 0)
+ errno = __save_errno;
+@@ -782,7 +786,11 @@ __num_get_unsigned_integral(const char* __a, const char* __a_end,
+ typename remove_reference<decltype(errno)>::type __save_errno = errno;
+ errno = 0;
+ char *__p2;
++#if defined(__linux__) && !defined(__GLIBC__)
++ unsigned long long __ll = strtoull(__a, &__p2, __base);
++#else
+ unsigned long long __ll = strtoull_l(__a, &__p2, __base, _LIBCPP_GET_C_LOCALE);
++#endif
+ typename remove_reference<decltype(errno)>::type __current_errno = errno;
+ if (__current_errno == 0)
+ errno = __save_errno;
diff --git a/repo/devel/libunwind/libunwind-link-libssp.patch b/repo/devel/libunwind/libunwind-link-libssp.patch
new file mode 100644
index 0000000..ae819fe
--- /dev/null
+++ b/repo/devel/libunwind/libunwind-link-libssp.patch
@@ -0,0 +1,20 @@
+--- a/libunwind/src/CMakeLists.txt
++++ b/libunwind/src/CMakeLists.txt
+@@ -129,7 +129,7 @@
+ else()
+ target_compile_options(unwind_shared PRIVATE -fno-rtti)
+ endif()
+- target_link_libraries(unwind_shared PRIVATE ${LIBUNWIND_LIBRARIES})
++ target_link_libraries(unwind_shared PRIVATE ${LIBUNWIND_LIBRARIES} -lssp_nonshared)
+ set_target_properties(unwind_shared
+ PROPERTIES
+ CXX_EXTENSIONS OFF
+@@ -157,7 +157,7 @@
+ else()
+ target_compile_options(unwind_static PRIVATE -fno-rtti)
+ endif()
+- target_link_libraries(unwind_static PRIVATE ${LIBUNWIND_LIBRARIES})
++ target_link_libraries(unwind_static PRIVATE ${LIBUNWIND_LIBRARIES} -lssp_nonshared)
+ set_target_properties(unwind_static
+ PROPERTIES
+ CXX_EXTENSIONS OFF
diff --git a/repo/devel/libunwind/libunwind.xibuild b/repo/devel/libunwind/libunwind.xibuild
new file mode 100644
index 0000000..067a91d
--- /dev/null
+++ b/repo/devel/libunwind/libunwind.xibuild
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+NAME="libunwind"
+DESC="LLVM version of libunwind library"
+
+MAKEDEPS="cmake "
+DEPS="musl "
+
+PKG_VER=13.0.0
+SOURCE="https://github.com/llvm/llvm-project/releases/download/llvmorg-$PKG_VER/libunwind-$PKG_VER.src.tar.xz"
+
+ADDITIONAL="
+ https://github.com/llvm/llvm-project/releases/download/llvmorg-$PKG_VER/llvm-$PKG_VER.src.tar.xz
+ https://github.com/llvm/llvm-project/releases/download/llvmorg-$PKG_VER/libcxx-$PKG_VER.src.tar.xz
+ libunwind-link-libssp.patch
+ libcxx-musl.patch
+"
+
+prepare () {
+ tar xvf libunwind-$PKG_VER.src.tar.xz
+ tar xvf llvm-$PKG_VER.src.tar.xz
+ tar xvf libcxx-$PKG_VER.src.tar.xz
+ mv libunwind-$PKG_VER.src libunwind
+ mv llvm-$PKG_VER.src llvm
+ mv libcxx-$PKG_VER.src libcxx
+
+ apply_patches
+}
+
+build () {
+ cmake -B build -G Ninja -S libunwind \
+ -DCMAKE_BUILD_TYPE=MinSizeRel \
+ -DCMAKE_C_FLAGS_MINSIZEREL_INIT="$CFLAGS" \
+ -DCMAKE_CXX_FLAGS_MINSIZEREL_INIT="$CXXFLAGS" \
+ -DCMAKE_EXE_LINKER_FLAGS_MINSIZEREL_INIT="$LDFLAGS" \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DLIBUNWIND_HAS_NODEFAULTLIBS_FLAG=OFF \
+ -DLIBUNWIND_STANDALONE_BUILD=ON
+ cmake --build build
+}
+
+package () {
+ DESTDIR="$PKG_DEST" cmake --install build
+ mkdir -p "$PKG_DEST"/usr/include/mach-o
+ cp libunwind/include/*.h "$PKG_DEST"/usr/include/
+ cp libunwind/include/mach-o/*.h "$PKG_DEST"/usr/include/mach-o/
+
+}
diff --git a/repo/devel/libunwind/toolchain-libunwind.xibuild b/repo/devel/libunwind/toolchain-libunwind.xibuild
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/repo/devel/libunwind/toolchain-libunwind.xibuild
diff --git a/repo/linux/linux-headers/toolchain-linux-headers.xibuild b/repo/linux/linux-headers/toolchain-linux-headers.xibuild
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/repo/linux/linux-headers/toolchain-linux-headers.xibuild
diff --git a/repo/system/libcxx/toolchain-libcxx.xibuild b/repo/system/libcxx/toolchain-libcxx.xibuild
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/repo/system/libcxx/toolchain-libcxx.xibuild
diff --git a/repo/system/musl/toolchain-musl.xibuild b/repo/system/musl/toolchain-musl.xibuild
new file mode 100644
index 0000000..ed46c6e
--- /dev/null
+++ b/repo/system/musl/toolchain-musl.xibuild
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+DESC="$DESC - for xibuild toolchain"
+
+build () {
+ export CXX=clang++
+ export CC=clang
+
+ CC=$CC CXX=$CXX ./configure --prefix=/
+ make
+}
+
+package () {
+ make install DESTDIR=$PKG_DEST
+}
diff --git a/repo/util/pdfgrep/pdfgrep.xibuild b/repo/util/pdfgrep/pdfgrep.xibuild
new file mode 100644
index 0000000..d4f5362
--- /dev/null
+++ b/repo/util/pdfgrep/pdfgrep.xibuild
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+NAME="pdfgrep"
+DESC="Commandline utility to search text in PDF files"
+
+MAKEDEPS="make "
+DEPS="musl pcre poppler "
+
+PKG_VER=2.1.2
+SOURCE="https://pdfgrep.org/download/pdfgrep-$PKG_VER.tar.gz"
+
+build () {
+ ./configure \
+ --prefix=/usr \
+ --bindir=/usr/bin \
+ --sysconfdir=/etc \
+ --disable-static
+ make
+}
+
+package () {
+ make DESTDIR=$PKG_DEST install
+}
diff --git a/repo/util/tor/0002-disable-wildcard-escaping-test_patch b/repo/util/tor/0002-disable-wildcard-escaping-test_patch
new file mode 100644
index 0000000..ee4f280
--- /dev/null
+++ b/repo/util/tor/0002-disable-wildcard-escaping-test_patch
@@ -0,0 +1,25 @@
+This will only fail on aarch64 and s390x, for some reason.
+--- a/src/test/test_util.c
++++ b/src/test/test_util.c
+@@ -4633,21 +4633,6 @@ test_util_glob(void *ptr)
+ TEST("file1"PATH_SEPARATOR"*");
+ EXPECT_EMPTY();
+
+-#ifndef _WIN32
+- // test wildcard escaping
+- TEST("\\*");
+- EXPECT_EMPTY();
+-
+- if (getuid() != 0) {
+- // test forbidden directory, if we're not root.
+- // (Root will be able to see this directory anyway.)
+- tor_asprintf(&pattern, "%s"PATH_SEPARATOR"*"PATH_SEPARATOR"*", dirname);
+- results = tor_glob(pattern);
+- tor_free(pattern);
+- tt_assert(!results);
+- }
+-#endif /* !defined(_WIN32) */
+-
+ #undef TEST
+ #undef EXPECT
+ #undef EXPECT_EMPTY
diff --git a/repo/util/tor/0003-disable-sandbox_chown_filename-test_patch b/repo/util/tor/0003-disable-sandbox_chown_filename-test_patch
new file mode 100644
index 0000000..3140139
--- /dev/null
+++ b/repo/util/tor/0003-disable-sandbox_chown_filename-test_patch
@@ -0,0 +1,36 @@
+This test fail on armhf, armv7 and aarch64
+--- a/src/test/test_sandbox.c
++++ b/src/test/test_sandbox.c
+@@ -193,24 +193,6 @@ test_sandbox_chmod_filename(void *arg)
+ }
+
+ static void
+-test_sandbox_chown_filename(void *arg)
+-{
+- sandbox_data_t *data = arg;
+- int rc, errsv;
+-
+- if (chown(sandbox_intern_string(data->file_ops_allowed), -1, -1) != 0)
+- tt_abort_perror("chown");
+-
+- rc = chown(data->file_ops_blocked, -1, -1);
+- errsv = errno;
+- tt_int_op(rc, OP_EQ, -1);
+- tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+- (void)0;
+-}
+-
+-static void
+ test_sandbox_rename_filename(void *arg)
+ {
+ sandbox_data_t *data = arg;
+@@ -327,7 +309,6 @@ struct testcase_t sandbox_tests[] = {
+
+ SANDBOX_TEST_IN_SANDBOX(openat_filename),
+ SANDBOX_TEST_IN_SANDBOX(chmod_filename),
+- SANDBOX_TEST_IN_SANDBOX(chown_filename),
+ SANDBOX_TEST_IN_SANDBOX(rename_filename),
+
+ /* Currently the sandbox is unable to filter stat() calls on systems where
diff --git a/repo/util/tor/0004-disable-more-sandbox-tests_patch b/repo/util/tor/0004-disable-more-sandbox-tests_patch
new file mode 100644
index 0000000..7359b23
--- /dev/null
+++ b/repo/util/tor/0004-disable-more-sandbox-tests_patch
@@ -0,0 +1,120 @@
+These tests fail on aarch64
+--- a/src/test/test_sandbox.c
++++ b/src/test/test_sandbox.c
+@@ -148,71 +148,6 @@ test_sandbox_is_active(void *ignored)
+ }
+
+ static void
+-test_sandbox_open_filename(void *arg)
+-{
+- sandbox_data_t *data = arg;
+- int fd, errsv;
+-
+- fd = open(sandbox_intern_string(data->file_ops_allowed), O_RDONLY);
+- if (fd == -1)
+- tt_abort_perror("open");
+- close(fd);
+-
+- /* It might be nice to use sandbox_intern_string() in the line below as well
+- * (and likewise in the test cases that follow) but this would require
+- * capturing the warning message it logs, and the mechanism for doing so
+- * relies on system calls that are normally blocked by the sandbox and may
+- * vary across architectures. */
+- fd = open(data->file_ops_blocked, O_RDONLY);
+- errsv = errno;
+- tt_int_op(fd, OP_EQ, -1);
+- tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+- if (fd >= 0)
+- close(fd);
+-}
+-
+-static void
+-test_sandbox_chmod_filename(void *arg)
+-{
+- sandbox_data_t *data = arg;
+- int rc, errsv;
+-
+- if (chmod(sandbox_intern_string(data->file_ops_allowed),
+- S_IRUSR | S_IWUSR) != 0)
+- tt_abort_perror("chmod");
+-
+- rc = chmod(data->file_ops_blocked, S_IRUSR | S_IWUSR);
+- errsv = errno;
+- tt_int_op(rc, OP_EQ, -1);
+- tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+- (void)0;
+-}
+-
+-static void
+-test_sandbox_rename_filename(void *arg)
+-{
+- sandbox_data_t *data = arg;
+- const char *fname_old = sandbox_intern_string(data->file_ops_allowed),
+- *fname_new = sandbox_intern_string(data->file_rename_target_allowed);
+- int rc, errsv;
+-
+- if (rename(fname_old, fname_new) != 0)
+- tt_abort_perror("rename");
+-
+- rc = rename(fname_new, fname_old);
+- errsv = errno;
+- tt_int_op(rc, OP_EQ, -1);
+- tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+- (void)0;
+-}
+-
+-static void
+ test_sandbox_openat_filename(void *arg)
+ {
+ sandbox_data_t *data = arg;
+@@ -235,28 +170,6 @@ test_sandbox_openat_filename(void *arg)
+ }
+
+ static void
+-test_sandbox_opendir_dirname(void *arg)
+-{
+- sandbox_data_t *data = arg;
+- DIR *dir;
+- int errsv;
+-
+- dir = opendir(sandbox_intern_string(data->dir_ops_allowed));
+- if (dir == NULL)
+- tt_abort_perror("opendir");
+- closedir(dir);
+-
+- dir = opendir(data->dir_ops_blocked);
+- errsv = errno;
+- tt_ptr_op(dir, OP_EQ, NULL);
+- tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+- if (dir)
+- closedir(dir);
+-}
+-
+-static void
+ test_sandbox_stat_filename(void *arg)
+ {
+ sandbox_data_t *data = arg;
+@@ -302,15 +215,8 @@ struct testcase_t sandbox_tests[] = {
+ #ifdef ENABLE_FRAGILE_HARDENING
+ SANDBOX_TEST_SKIPPED(open_filename),
+ SANDBOX_TEST_SKIPPED(opendir_dirname),
+-#else
+- SANDBOX_TEST_IN_SANDBOX(open_filename),
+- SANDBOX_TEST_IN_SANDBOX(opendir_dirname),
+ #endif /* defined(ENABLE_FRAGILE_HARDENING) */
+
+- SANDBOX_TEST_IN_SANDBOX(openat_filename),
+- SANDBOX_TEST_IN_SANDBOX(chmod_filename),
+- SANDBOX_TEST_IN_SANDBOX(rename_filename),
+-
+ /* Currently the sandbox is unable to filter stat() calls on systems where
+ * glibc implements this function using either of the legacy "stat" or "stat64"
+ * system calls, or (in glibc version 2.33 and later) either of the newer
diff --git a/repo/util/tor/tor.confd b/repo/util/tor/tor.confd
new file mode 100644
index 0000000..38a482c
--- /dev/null
+++ b/repo/util/tor/tor.confd
@@ -0,0 +1,13 @@
+# Location of the torrc configuration file.
+#conffile="/etc/tor/torrc"
+
+# User to start the tor daemon.
+# If "User" directive is set in $conffile, then this option is ignored (i.e.
+# tor is started under root, but it setuids to the specified User after start).
+#user="tor"
+
+# Timeout for gracefulstop
+#graceful_timeout="60"
+
+# Set the file limit
+rc_ulimit="-n 30000"
diff --git a/repo/util/tor/tor.initd b/repo/util/tor/tor.initd
new file mode 100644
index 0000000..db8b2cf
--- /dev/null
+++ b/repo/util/tor/tor.initd
@@ -0,0 +1,92 @@
+#!/sbin/openrc-run
+
+: ${conffile:="/etc/tor/torrc"}
+: ${user:="tor"}
+: ${graceful_timeout:="${GRACEFUL_TIMEOUT:-60}"}
+
+command="/usr/bin/tor"
+command_args="-f $conffile --runasdaemon 0"
+command_background="yes"
+start_stop_daemon_args="--chdir /var/lib/tor"
+pidfile="/run/tor/tor.pid"
+
+extra_commands="checkconfig"
+extra_started_commands="gracefulstop reload"
+
+description="Anonymizing overlay network for TCP"
+description_checkconfig="Check if config file is valid."
+description_reload="Reload the configuration."
+# See bug #523552, and https://trac.torproject.org/projects/tor/ticket/5525
+description_gracefulstop="Gracefully stop (wait $gracefulstop until all connections are properly closed)."
+
+
+depend() {
+ need net
+}
+
+checkconfig() {
+ # First check that it exists.
+ if [ ! -f "$conffile" ] ; then
+ eerror "You need to setup $conffile first, see $conffile.sample for example"
+ return 1
+ fi
+
+ # Now verify whether the configuration is valid.
+ # If User directive is set in $conffile, then we must run tor as root,
+ # even --verify-config, otherwise it fails when verifying permissions
+ # of DataDirectory.
+ if conf_has User; then
+ local user="root"
+ fi
+ local out
+ out="$(su -s /bin/sh -c "$command $command_args --verify-config" $user 2>&1)" || {
+ eerror "Tor configuration $conffile is not valid"
+ printf '%s\n' "$out"
+ return 1
+ }
+}
+
+start_pre() {
+ checkconfig || return 1
+
+ # If User directive is set in $conffile, start tor as root and let it
+ # drop privileges itself (may be needed e.g. to bind to a privileged
+ # port). Otherwise run tor as $user (recommended).
+ if conf_has User; then
+ local user="$(conf_get User)"
+ else
+ start_stop_daemon_args="$start_stop_daemon_args --user $user"
+ fi
+
+ if conf_has DataDirectory; then
+ checkpath -d -m 0700 -o "$user" "$(conf_get DataDirectory)"
+ fi
+ checkpath -d -m 0755 -o "$user" "$(dirname "$pidfile")"
+}
+
+gracefulstop() {
+ ebegin "Gracefully stopping Tor, this can take up to $graceful_timeout seconds"
+ start-stop-daemon --stop \
+ --progress \
+ --signal INT \
+ --retry $graceful_timeout \
+ --pidfile "$pidfile" \
+ --exec $command -- $command_args
+ eend $?
+}
+
+reload() {
+ start_pre || return 1
+
+ ebegin "Reloading Tor configuration"
+ start-stop-daemon --signal HUP --pidfile "$pidfile"
+ eend $?
+}
+
+conf_get() {
+ sed -n "s/^\s*$1 \([^#]*\)/\1/p" "$conffile"
+}
+
+conf_has() {
+ grep -q "^\s*$1 " "$conffile"
+}
diff --git a/repo/util/tor/tor.xibuild b/repo/util/tor/tor.xibuild
new file mode 100644
index 0000000..92b719d
--- /dev/null
+++ b/repo/util/tor/tor.xibuild
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+NAME="tor"
+DESC="Anonymous network connectivity"
+
+MAKEDEPS="make "
+DEPS="libcap libseccomp libevent openssl cacerts zlib xz zstd "
+
+PKG_VER=0.4.7.7
+SOURCE="https://www.torproject.org/dist/tor-$PKG_VER.tar.gz"
+ADDITIONAL="torrc.sample.patch tor.initd tor.confd"
+
+prepare () {
+ apply_patches
+}
+
+build () {
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/share/man \
+ --disable-html-manual
+ make
+
+}
+
+package () {
+ make DESTDIR="$PKG_DEST" install
+
+ install -dm0755 -o "tor" \
+ "$PKG_DEST"/var/lib/"tor" \
+ "$PKG_DEST"/var/log/"tor"
+
+ install -Dm0755 "tor".initd \
+ "$PKG_DEST"/etc/init.d/"tor"
+ install -Dm0644 "tor".confd \
+ "$PKG_DEST"/etc/conf.d/"tor"
+}
+
+postinstall () {
+ adduser -S -D -H -h /var/lib/tor -s /sbin/nologin -g tor tor 2>/dev/null
+ exit 0
+}
diff --git a/repo/util/tor/torrc.sample.patch b/repo/util/tor/torrc.sample.patch
new file mode 100644
index 0000000..3360e98
--- /dev/null
+++ b/repo/util/tor/torrc.sample.patch
@@ -0,0 +1,27 @@
+--- a/src/config/torrc.sample.in
++++ b/src/config/torrc.sample.in
+@@ -35,7 +35,7 @@
+ ## may provide sensitive information to an attacker who obtains the logs.
+ ##
+ ## Send all messages of level 'notice' or higher to @LOCALSTATEDIR@/log/tor/notices.log
+-#Log notice file @LOCALSTATEDIR@/log/tor/notices.log
++Log notice file @LOCALSTATEDIR@/log/tor/notices.log
+ ## Send every possible message to @LOCALSTATEDIR@/log/tor/debug.log
+ #Log debug file @LOCALSTATEDIR@/log/tor/debug.log
+ ## Use the system log instead of Tor's logfiles
+@@ -43,14 +43,9 @@
+ ## To send all messages to stderr:
+ #Log debug stderr
+
+-## Uncomment this to start the process in the background... or use
+-## --runasdaemon 1 on the command line. This is ignored on Windows;
+-## see the FAQ entry if you want Tor to run as an NT service.
+-#RunAsDaemon 1
+-
+ ## The directory for keeping all the keys/etc. By default, we store
+ ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+-#DataDirectory @LOCALSTATEDIR@/lib/tor
++DataDirectory @LOCALSTATEDIR@/lib/tor
+
+ ## The port on which Tor will listen for local connections from Tor
+ ## controller applications, as documented in control-spec.txt.
diff --git a/repo/x11/xss-lock/xss-lock.xibuild b/repo/x11/xss-lock/xss-lock.xibuild
new file mode 100644
index 0000000..5320bed
--- /dev/null
+++ b/repo/x11/xss-lock/xss-lock.xibuild
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+NAME="xss-lock"
+DESC="Use external locker as X screen saver"
+
+MAKEDEPS="cmake "
+DEPS="glib xcb-util "
+
+PKG_VER=0.3.0
+SOURCE="https://bitbucket.org/raymonad/xss-lock/get/v$PKG_VER.tar.gz"
+
+build () {
+ cmake -B build \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_INSTALL_LIBDIR=/usr/lib \
+ -DBUILD_SHARED_LIBS=True \
+ -DBUILD_STATIC_LIBS=OFF
+ cmake --build build
+}
+
+package () {
+ DESTDIR="$PKG_DEST" cmake --install build
+}