added tor and xss-lock

17 files changed, 556 insertions, 0 deletions

diff --git a/build.log b/build.log
new file mode 100644
index 0000000..0fe44e5
--- /dev/null
+++ b/build.log
@@ -0,0 +1,42 @@
+
+Cloning into '.'...
+Your branch is up to date with 'origin/master'.
+to install to /var/lib/xibuild/build/xipkg/xss-lock
+============xss-lock=============
+==========================build stage==========================
+-- The C compiler identification is GNU 11.2.0
+-- Detecting C compiler ABI info
+-- Detecting C compiler ABI info - done
+-- Check for working C compiler: /bin/cc - skipped
+-- Detecting C compile features
+-- Detecting C compile features - done
+-- Found PkgConfig: /bin/pkg-config (found version "0.29.2") 
+-- Checking for modules 'glib-2.0>=2.32;gio-unix-2.0'
+--   Found glib-2.0, version 2.72.1
+--   Found gio-unix-2.0, version 2.72.1
+-- Checking for modules 'xcb;xcb-aux;xcb-event;xcb-screensaver'
+--   Found xcb, version 1.14
+--   Found xcb-aux, version 0.4.0
+--   Found xcb-event, version 0.4.0
+--   Found xcb-screensaver, version 1.14
+-- Configuring done
+-- Generating done
+-- Build files have been written to: /var/lib/xibuild/build/build
+[ 25%] Generating xss-lock.1
+[ 50%] Building C object src/CMakeFiles/xss-lock.dir/xcb_utils.c.o
+[ 75%] Building C object src/CMakeFiles/xss-lock.dir/xss-lock.c.o
+[ 75%] Built target man
+[100%] Linking C executable xss-lock
+[100%] Built target xss-lock
+==========================package stage==========================
+-- Install configuration: ""
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/doc/xss-lock/NEWS
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/bin/xss-lock
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/man/man1/xss-lock.1
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/doc/xss-lock/dim-screen.sh
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/doc/xss-lock/xdg-screensaver.patch
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/doc/xss-lock/transfer-sleep-lock-i3lock.sh
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/doc/xss-lock/transfer-sleep-lock-generic-delay.sh
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/zsh/site-functions/_xss-lock
+-- Installing: /var/lib/xibuild/build/xipkg/xss-lock/usr/share/bash-completion/completions/xss-lock
+checking for postinstall... no postinstall
diff --git a/repo/devel/libunwind/libcxx-musl.patch b/repo/devel/libunwind/libcxx-musl.patch
new file mode 100644
index 0000000..358d4a3
--- /dev/null
+++ b/repo/devel/libunwind/libcxx-musl.patch
@@ -0,0 +1,28 @@
+Patch-Source: https://github.com/void-linux/void-packages/blob/74f16232621ca8dfb6d244beff1df35a6df1647f/srcpkgs/llvm12/patches/libcxx-musl.patch
+
+--- a/libcxx/include/locale
++++ b/libcxx/include/locale
+@@ -742,7 +742,11 @@ __num_get_signed_integral(const char* __a, const char* __a_end,
+         typename remove_reference<decltype(errno)>::type __save_errno = errno;
+         errno = 0;
+         char *__p2;
++#if defined(__linux__) && !defined(__GLIBC__)
++        long long __ll = strtoll(__a, &__p2, __base);
++#else
+         long long __ll = strtoll_l(__a, &__p2, __base, _LIBCPP_GET_C_LOCALE);
++#endif
+         typename remove_reference<decltype(errno)>::type __current_errno = errno;
+         if (__current_errno == 0)
+             errno = __save_errno;
+@@ -782,7 +786,11 @@ __num_get_unsigned_integral(const char* __a, const char* __a_end,
+         typename remove_reference<decltype(errno)>::type __save_errno = errno;
+         errno = 0;
+         char *__p2;
++#if defined(__linux__) && !defined(__GLIBC__)
++        unsigned long long __ll = strtoull(__a, &__p2, __base);
++#else
+         unsigned long long __ll = strtoull_l(__a, &__p2, __base, _LIBCPP_GET_C_LOCALE);
++#endif
+         typename remove_reference<decltype(errno)>::type __current_errno = errno;
+         if (__current_errno == 0)
+             errno = __save_errno;
diff --git a/repo/devel/libunwind/libunwind-link-libssp.patch b/repo/devel/libunwind/libunwind-link-libssp.patch
new file mode 100644
index 0000000..ae819fe
--- /dev/null
+++ b/repo/devel/libunwind/libunwind-link-libssp.patch
@@ -0,0 +1,20 @@
+--- a/libunwind/src/CMakeLists.txt
++++ b/libunwind/src/CMakeLists.txt
+@@ -129,7 +129,7 @@
+   else()
+     target_compile_options(unwind_shared PRIVATE -fno-rtti)
+   endif()
+-  target_link_libraries(unwind_shared PRIVATE ${LIBUNWIND_LIBRARIES})
++  target_link_libraries(unwind_shared PRIVATE ${LIBUNWIND_LIBRARIES} -lssp_nonshared)
+   set_target_properties(unwind_shared
+     PROPERTIES
+       CXX_EXTENSIONS OFF
+@@ -157,7 +157,7 @@
+   else()
+     target_compile_options(unwind_static PRIVATE -fno-rtti)
+   endif()
+-  target_link_libraries(unwind_static PRIVATE ${LIBUNWIND_LIBRARIES})
++  target_link_libraries(unwind_static PRIVATE ${LIBUNWIND_LIBRARIES} -lssp_nonshared)
+   set_target_properties(unwind_static
+     PROPERTIES
+       CXX_EXTENSIONS OFF
diff --git a/repo/devel/libunwind/libunwind.xibuild b/repo/devel/libunwind/libunwind.xibuild
new file mode 100644
index 0000000..067a91d
--- /dev/null
+++ b/repo/devel/libunwind/libunwind.xibuild
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+NAME="libunwind"
+DESC="LLVM version of libunwind library"
+
+MAKEDEPS="cmake "
+DEPS="musl "
+
+PKG_VER=13.0.0
+SOURCE="https://github.com/llvm/llvm-project/releases/download/llvmorg-$PKG_VER/libunwind-$PKG_VER.src.tar.xz"
+
+ADDITIONAL="
+    https://github.com/llvm/llvm-project/releases/download/llvmorg-$PKG_VER/llvm-$PKG_VER.src.tar.xz
+	https://github.com/llvm/llvm-project/releases/download/llvmorg-$PKG_VER/libcxx-$PKG_VER.src.tar.xz
+    libunwind-link-libssp.patch 
+    libcxx-musl.patch 
+"
+
+prepare () {
+    tar xvf libunwind-$PKG_VER.src.tar.xz
+    tar xvf llvm-$PKG_VER.src.tar.xz
+    tar xvf libcxx-$PKG_VER.src.tar.xz
+    mv libunwind-$PKG_VER.src libunwind
+    mv llvm-$PKG_VER.src llvm
+    mv libcxx-$PKG_VER.src libcxx
+
+    apply_patches
+}
+
+build () {
+	cmake -B build -G Ninja -S libunwind \
+		-DCMAKE_BUILD_TYPE=MinSizeRel \
+		-DCMAKE_C_FLAGS_MINSIZEREL_INIT="$CFLAGS" \
+		-DCMAKE_CXX_FLAGS_MINSIZEREL_INIT="$CXXFLAGS" \
+		-DCMAKE_EXE_LINKER_FLAGS_MINSIZEREL_INIT="$LDFLAGS" \
+		-DCMAKE_INSTALL_PREFIX=/usr \
+		-DLIBUNWIND_HAS_NODEFAULTLIBS_FLAG=OFF \
+		-DLIBUNWIND_STANDALONE_BUILD=ON 
+	cmake --build build
+}
+
+package () {
+	DESTDIR="$PKG_DEST" cmake --install build
+    mkdir -p "$PKG_DEST"/usr/include/mach-o
+	cp libunwind/include/*.h "$PKG_DEST"/usr/include/
+	cp libunwind/include/mach-o/*.h "$PKG_DEST"/usr/include/mach-o/
+
+}
diff --git a/repo/devel/libunwind/toolchain-libunwind.xibuild b/repo/devel/libunwind/toolchain-libunwind.xibuild
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/repo/devel/libunwind/toolchain-libunwind.xibuild
diff --git a/repo/linux/linux-headers/toolchain-linux-headers.xibuild b/repo/linux/linux-headers/toolchain-linux-headers.xibuild
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/repo/linux/linux-headers/toolchain-linux-headers.xibuild
diff --git a/repo/system/libcxx/toolchain-libcxx.xibuild b/repo/system/libcxx/toolchain-libcxx.xibuild
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/repo/system/libcxx/toolchain-libcxx.xibuild
diff --git a/repo/system/musl/toolchain-musl.xibuild b/repo/system/musl/toolchain-musl.xibuild
new file mode 100644
index 0000000..ed46c6e
--- /dev/null
+++ b/repo/system/musl/toolchain-musl.xibuild
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+DESC="$DESC - for xibuild toolchain"
+
+build () {
+    export CXX=clang++
+    export CC=clang
+
+    CC=$CC CXX=$CXX ./configure --prefix=/
+    make
+}
+
+package () {
+    make install DESTDIR=$PKG_DEST
+}
diff --git a/repo/util/pdfgrep/pdfgrep.xibuild b/repo/util/pdfgrep/pdfgrep.xibuild
new file mode 100644
index 0000000..d4f5362
--- /dev/null
+++ b/repo/util/pdfgrep/pdfgrep.xibuild
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+NAME="pdfgrep"
+DESC="Commandline utility to search text in PDF files"
+
+MAKEDEPS="make "
+DEPS="musl pcre poppler "
+
+PKG_VER=2.1.2
+SOURCE="https://pdfgrep.org/download/pdfgrep-$PKG_VER.tar.gz"
+
+build () {
+    ./configure \
+        --prefix=/usr \
+        --bindir=/usr/bin \
+        --sysconfdir=/etc \
+        --disable-static
+    make
+}
+
+package () {
+    make DESTDIR=$PKG_DEST install
+}
diff --git a/repo/util/tor/0002-disable-wildcard-escaping-test_patch b/repo/util/tor/0002-disable-wildcard-escaping-test_patch
new file mode 100644
index 0000000..ee4f280
--- /dev/null
+++ b/repo/util/tor/0002-disable-wildcard-escaping-test_patch
@@ -0,0 +1,25 @@
+This will only fail on aarch64 and s390x, for some reason.
+--- a/src/test/test_util.c
++++ b/src/test/test_util.c
+@@ -4633,21 +4633,6 @@ test_util_glob(void *ptr)
+   TEST("file1"PATH_SEPARATOR"*");
+   EXPECT_EMPTY();
+ 
+-#ifndef _WIN32
+-  // test wildcard escaping
+-  TEST("\\*");
+-  EXPECT_EMPTY();
+-
+-  if (getuid() != 0) {
+-    // test forbidden directory, if we're not root.
+-    // (Root will be able to see this directory anyway.)
+-    tor_asprintf(&pattern, "%s"PATH_SEPARATOR"*"PATH_SEPARATOR"*", dirname);
+-    results = tor_glob(pattern);
+-    tor_free(pattern);
+-    tt_assert(!results);
+-  }
+-#endif /* !defined(_WIN32) */
+-
+ #undef TEST
+ #undef EXPECT
+ #undef EXPECT_EMPTY
diff --git a/repo/util/tor/0003-disable-sandbox_chown_filename-test_patch b/repo/util/tor/0003-disable-sandbox_chown_filename-test_patch
new file mode 100644
index 0000000..3140139
--- /dev/null
+++ b/repo/util/tor/0003-disable-sandbox_chown_filename-test_patch
@@ -0,0 +1,36 @@
+This test fail on armhf, armv7 and aarch64
+--- a/src/test/test_sandbox.c
++++ b/src/test/test_sandbox.c
+@@ -193,24 +193,6 @@ test_sandbox_chmod_filename(void *arg)
+ }
+ 
+ static void
+-test_sandbox_chown_filename(void *arg)
+-{
+-  sandbox_data_t *data = arg;
+-  int rc, errsv;
+-
+-  if (chown(sandbox_intern_string(data->file_ops_allowed), -1, -1) != 0)
+-    tt_abort_perror("chown");
+-
+-  rc = chown(data->file_ops_blocked, -1, -1);
+-  errsv = errno;
+-  tt_int_op(rc, OP_EQ, -1);
+-  tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+-  (void)0;
+-}
+-
+-static void
+ test_sandbox_rename_filename(void *arg)
+ {
+   sandbox_data_t *data = arg;
+@@ -327,7 +309,6 @@ struct testcase_t sandbox_tests[] = {
+ 
+   SANDBOX_TEST_IN_SANDBOX(openat_filename),
+   SANDBOX_TEST_IN_SANDBOX(chmod_filename),
+-  SANDBOX_TEST_IN_SANDBOX(chown_filename),
+   SANDBOX_TEST_IN_SANDBOX(rename_filename),
+ 
+ /* Currently the sandbox is unable to filter stat() calls on systems where
diff --git a/repo/util/tor/0004-disable-more-sandbox-tests_patch b/repo/util/tor/0004-disable-more-sandbox-tests_patch
new file mode 100644
index 0000000..7359b23
--- /dev/null
+++ b/repo/util/tor/0004-disable-more-sandbox-tests_patch
@@ -0,0 +1,120 @@
+These tests fail on aarch64
+--- a/src/test/test_sandbox.c
++++ b/src/test/test_sandbox.c
+@@ -148,71 +148,6 @@ test_sandbox_is_active(void *ignored)
+ }
+ 
+ static void
+-test_sandbox_open_filename(void *arg)
+-{
+-  sandbox_data_t *data = arg;
+-  int fd, errsv;
+-
+-  fd = open(sandbox_intern_string(data->file_ops_allowed), O_RDONLY);
+-  if (fd == -1)
+-    tt_abort_perror("open");
+-  close(fd);
+-
+-  /* It might be nice to use sandbox_intern_string() in the line below as well
+-   * (and likewise in the test cases that follow) but this would require
+-   * capturing the warning message it logs, and the mechanism for doing so
+-   * relies on system calls that are normally blocked by the sandbox and may
+-   * vary across architectures. */
+-  fd = open(data->file_ops_blocked, O_RDONLY);
+-  errsv = errno;
+-  tt_int_op(fd, OP_EQ, -1);
+-  tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+-  if (fd >= 0)
+-    close(fd);
+-}
+-
+-static void
+-test_sandbox_chmod_filename(void *arg)
+-{
+-  sandbox_data_t *data = arg;
+-  int rc, errsv;
+-
+-  if (chmod(sandbox_intern_string(data->file_ops_allowed),
+-            S_IRUSR | S_IWUSR) != 0)
+-    tt_abort_perror("chmod");
+-
+-  rc = chmod(data->file_ops_blocked, S_IRUSR | S_IWUSR);
+-  errsv = errno;
+-  tt_int_op(rc, OP_EQ, -1);
+-  tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+-  (void)0;
+-}
+-
+-static void
+-test_sandbox_rename_filename(void *arg)
+-{
+-  sandbox_data_t *data = arg;
+-  const char *fname_old = sandbox_intern_string(data->file_ops_allowed),
+-    *fname_new = sandbox_intern_string(data->file_rename_target_allowed);
+-  int rc, errsv;
+-
+-  if (rename(fname_old, fname_new) != 0)
+-    tt_abort_perror("rename");
+-
+-  rc = rename(fname_new, fname_old);
+-  errsv = errno;
+-  tt_int_op(rc, OP_EQ, -1);
+-  tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+-  (void)0;
+-}
+-
+-static void
+ test_sandbox_openat_filename(void *arg)
+ {
+   sandbox_data_t *data = arg;
+@@ -235,28 +170,6 @@ test_sandbox_openat_filename(void *arg)
+ }
+ 
+ static void
+-test_sandbox_opendir_dirname(void *arg)
+-{
+-  sandbox_data_t *data = arg;
+-  DIR *dir;
+-  int errsv;
+-
+-  dir = opendir(sandbox_intern_string(data->dir_ops_allowed));
+-  if (dir == NULL)
+-    tt_abort_perror("opendir");
+-  closedir(dir);
+-
+-  dir = opendir(data->dir_ops_blocked);
+-  errsv = errno;
+-  tt_ptr_op(dir, OP_EQ, NULL);
+-  tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+-  if (dir)
+-    closedir(dir);
+-}
+-
+-static void
+ test_sandbox_stat_filename(void *arg)
+ {
+   sandbox_data_t *data = arg;
+@@ -302,15 +215,8 @@ struct testcase_t sandbox_tests[] = {
+ #ifdef ENABLE_FRAGILE_HARDENING
+   SANDBOX_TEST_SKIPPED(open_filename),
+   SANDBOX_TEST_SKIPPED(opendir_dirname),
+-#else
+-  SANDBOX_TEST_IN_SANDBOX(open_filename),
+-  SANDBOX_TEST_IN_SANDBOX(opendir_dirname),
+ #endif /* defined(ENABLE_FRAGILE_HARDENING) */
+ 
+-  SANDBOX_TEST_IN_SANDBOX(openat_filename),
+-  SANDBOX_TEST_IN_SANDBOX(chmod_filename),
+-  SANDBOX_TEST_IN_SANDBOX(rename_filename),
+-
+ /* Currently the sandbox is unable to filter stat() calls on systems where
+  * glibc implements this function using either of the legacy "stat" or "stat64"
+  * system calls, or (in glibc version 2.33 and later) either of the newer
diff --git a/repo/util/tor/tor.confd b/repo/util/tor/tor.confd
new file mode 100644
index 0000000..38a482c
--- /dev/null
+++ b/repo/util/tor/tor.confd
@@ -0,0 +1,13 @@
+# Location of the torrc configuration file.
+#conffile="/etc/tor/torrc"
+
+# User to start the tor daemon.
+# If "User" directive is set in $conffile, then this option is ignored (i.e.
+# tor is started under root, but it setuids to the specified User after start).
+#user="tor"
+
+# Timeout for gracefulstop
+#graceful_timeout="60"
+
+# Set the file limit
+rc_ulimit="-n 30000"
diff --git a/repo/util/tor/tor.initd b/repo/util/tor/tor.initd
new file mode 100644
index 0000000..db8b2cf
--- /dev/null
+++ b/repo/util/tor/tor.initd
@@ -0,0 +1,92 @@
+#!/sbin/openrc-run
+
+: ${conffile:="/etc/tor/torrc"}
+: ${user:="tor"}
+: ${graceful_timeout:="${GRACEFUL_TIMEOUT:-60}"}
+
+command="/usr/bin/tor"
+command_args="-f $conffile --runasdaemon 0"
+command_background="yes"
+start_stop_daemon_args="--chdir /var/lib/tor"
+pidfile="/run/tor/tor.pid"
+
+extra_commands="checkconfig"
+extra_started_commands="gracefulstop reload"
+
+description="Anonymizing overlay network for TCP"
+description_checkconfig="Check if config file is valid."
+description_reload="Reload the configuration."
+# See bug #523552, and https://trac.torproject.org/projects/tor/ticket/5525
+description_gracefulstop="Gracefully stop (wait $gracefulstop until all connections are properly closed)."
+
+
+depend() {
+	need net
+}
+
+checkconfig() {
+	# First check that it exists.
+	if [ ! -f "$conffile" ] ; then
+		eerror "You need to setup $conffile first, see $conffile.sample for example"
+		return 1
+	fi
+
+	# Now verify whether the configuration is valid.
+	# If User directive is set in $conffile, then we must run tor as root,
+	# even --verify-config, otherwise it fails when verifying permissions
+	# of DataDirectory.
+	if conf_has User; then
+		local user="root"
+	fi
+	local out
+	out="$(su -s /bin/sh -c "$command $command_args --verify-config" $user 2>&1)" || {
+		eerror "Tor configuration $conffile is not valid"
+		printf '%s\n' "$out"
+		return 1
+	}
+}
+
+start_pre() {
+	checkconfig || return 1
+
+	# If User directive is set in $conffile, start tor as root and let it
+	# drop privileges itself (may be needed e.g. to bind to a privileged
+	# port). Otherwise run tor as $user (recommended).
+	if conf_has User; then
+		local user="$(conf_get User)"
+	else
+		start_stop_daemon_args="$start_stop_daemon_args --user $user"
+	fi
+
+	if conf_has DataDirectory; then
+		checkpath -d -m 0700 -o "$user" "$(conf_get DataDirectory)"
+	fi
+	checkpath -d -m 0755 -o "$user" "$(dirname "$pidfile")"
+}
+
+gracefulstop() {
+	ebegin "Gracefully stopping Tor, this can take up to $graceful_timeout seconds"
+	start-stop-daemon --stop \
+		--progress \
+		--signal INT \
+		--retry $graceful_timeout \
+		--pidfile "$pidfile" \
+		--exec $command -- $command_args
+	eend $?
+}
+
+reload() {
+	start_pre || return 1
+
+	ebegin "Reloading Tor configuration"
+	start-stop-daemon --signal HUP --pidfile "$pidfile"
+	eend $?
+}
+
+conf_get() {
+	sed -n "s/^\s*$1 \([^#]*\)/\1/p" "$conffile"
+}
+
+conf_has() {
+	grep -q "^\s*$1 " "$conffile"
+}
diff --git a/repo/util/tor/tor.xibuild b/repo/util/tor/tor.xibuild
new file mode 100644
index 0000000..92b719d
--- /dev/null
+++ b/repo/util/tor/tor.xibuild
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+NAME="tor"
+DESC="Anonymous network connectivity"
+
+MAKEDEPS="make "
+DEPS="libcap libseccomp libevent openssl cacerts zlib xz zstd "
+
+PKG_VER=0.4.7.7
+SOURCE="https://www.torproject.org/dist/tor-$PKG_VER.tar.gz"
+ADDITIONAL="torrc.sample.patch tor.initd tor.confd"
+
+prepare () {
+    apply_patches
+}
+
+build () {
+    ./configure \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--localstatedir=/var \
+		--mandir=/usr/share/man \
+		--disable-html-manual
+	make
+
+}
+
+package () {
+    make DESTDIR="$PKG_DEST" install
+
+	install -dm0755 -o "tor" \
+		"$PKG_DEST"/var/lib/"tor" \
+		"$PKG_DEST"/var/log/"tor"
+
+	install -Dm0755 "tor".initd \
+		"$PKG_DEST"/etc/init.d/"tor"
+	install -Dm0644 "tor".confd \
+		"$PKG_DEST"/etc/conf.d/"tor"
+}
+
+postinstall () {
+    adduser -S -D -H -h /var/lib/tor -s /sbin/nologin -g tor tor 2>/dev/null
+    exit 0
+}
diff --git a/repo/util/tor/torrc.sample.patch b/repo/util/tor/torrc.sample.patch
new file mode 100644
index 0000000..3360e98
--- /dev/null
+++ b/repo/util/tor/torrc.sample.patch
@@ -0,0 +1,27 @@
+--- a/src/config/torrc.sample.in
++++ b/src/config/torrc.sample.in
+@@ -35,7 +35,7 @@
+ ## may provide sensitive information to an attacker who obtains the logs.
+ ##
+ ## Send all messages of level 'notice' or higher to @LOCALSTATEDIR@/log/tor/notices.log
+-#Log notice file @LOCALSTATEDIR@/log/tor/notices.log
++Log notice file @LOCALSTATEDIR@/log/tor/notices.log
+ ## Send every possible message to @LOCALSTATEDIR@/log/tor/debug.log
+ #Log debug file @LOCALSTATEDIR@/log/tor/debug.log
+ ## Use the system log instead of Tor's logfiles
+@@ -43,14 +43,9 @@
+ ## To send all messages to stderr:
+ #Log debug stderr
+ 
+-## Uncomment this to start the process in the background... or use
+-## --runasdaemon 1 on the command line. This is ignored on Windows;
+-## see the FAQ entry if you want Tor to run as an NT service.
+-#RunAsDaemon 1
+-
+ ## The directory for keeping all the keys/etc. By default, we store
+ ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+-#DataDirectory @LOCALSTATEDIR@/lib/tor
++DataDirectory @LOCALSTATEDIR@/lib/tor
+ 
+ ## The port on which Tor will listen for local connections from Tor
+ ## controller applications, as documented in control-spec.txt.
diff --git a/repo/x11/xss-lock/xss-lock.xibuild b/repo/x11/xss-lock/xss-lock.xibuild
new file mode 100644
index 0000000..5320bed
--- /dev/null
+++ b/repo/x11/xss-lock/xss-lock.xibuild
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+NAME="xss-lock"
+DESC="Use external locker as X screen saver"
+
+MAKEDEPS="cmake "
+DEPS="glib xcb-util "
+
+PKG_VER=0.3.0
+SOURCE="https://bitbucket.org/raymonad/xss-lock/get/v$PKG_VER.tar.gz"
+
+build () {
+    cmake -B build \
+        -DCMAKE_INSTALL_PREFIX=/usr \
+		-DCMAKE_INSTALL_LIBDIR=/usr/lib \
+		-DBUILD_SHARED_LIBS=True \
+        -DBUILD_STATIC_LIBS=OFF
+	cmake --build build
+}
+
+package () {
+	DESTDIR="$PKG_DEST" cmake --install build
+}