Diffstat (limited to 'repo/system/tor')
-rw-r--r--repo/system/tor/0002-disable-wildcard-escaping-test_patch25
-rw-r--r--repo/system/tor/0003-disable-sandbox_chown_filename-test_patch36
-rw-r--r--repo/system/tor/0004-disable-more-sandbox-tests_patch120
-rw-r--r--repo/system/tor/tor.confd13
-rw-r--r--repo/system/tor/tor.initd92
-rw-r--r--repo/system/tor/tor.xibuild44
-rw-r--r--repo/system/tor/torrc.sample.patch27
7 files changed, 0 insertions, 357 deletions
diff --git a/repo/system/tor/0002-disable-wildcard-escaping-test_patch b/repo/system/tor/0002-disable-wildcard-escaping-test_patch
deleted file mode 100644
index ee4f280..0000000
--- a/repo/system/tor/0002-disable-wildcard-escaping-test_patch
+++ /dev/null
@@ -1,25 +0,0 @@
-This will only fail on aarch64 and s390x, for some reason.
---- a/src/test/test_util.c
-+++ b/src/test/test_util.c
-@@ -4633,21 +4633,6 @@ test_util_glob(void *ptr)
- TEST("file1"PATH_SEPARATOR"*");
- EXPECT_EMPTY();
-
--#ifndef _WIN32
-- // test wildcard escaping
-- TEST("\\*");
-- EXPECT_EMPTY();
--
-- if (getuid() != 0) {
-- // test forbidden directory, if we're not root.
-- // (Root will be able to see this directory anyway.)
-- tor_asprintf(&pattern, "%s"PATH_SEPARATOR"*"PATH_SEPARATOR"*", dirname);
-- results = tor_glob(pattern);
-- tor_free(pattern);
-- tt_assert(!results);
-- }
--#endif /* !defined(_WIN32) */
--
- #undef TEST
- #undef EXPECT
- #undef EXPECT_EMPTY
diff --git a/repo/system/tor/0003-disable-sandbox_chown_filename-test_patch b/repo/system/tor/0003-disable-sandbox_chown_filename-test_patch
deleted file mode 100644
index 3140139..0000000
--- a/repo/system/tor/0003-disable-sandbox_chown_filename-test_patch
+++ /dev/null
@@ -1,36 +0,0 @@
-This test fail on armhf, armv7 and aarch64
---- a/src/test/test_sandbox.c
-+++ b/src/test/test_sandbox.c
-@@ -193,24 +193,6 @@ test_sandbox_chmod_filename(void *arg)
- }
-
- static void
--test_sandbox_chown_filename(void *arg)
--{
-- sandbox_data_t *data = arg;
-- int rc, errsv;
--
-- if (chown(sandbox_intern_string(data->file_ops_allowed), -1, -1) != 0)
-- tt_abort_perror("chown");
--
-- rc = chown(data->file_ops_blocked, -1, -1);
-- errsv = errno;
-- tt_int_op(rc, OP_EQ, -1);
-- tt_int_op(errsv, OP_EQ, EPERM);
--
-- done:
-- (void)0;
--}
--
--static void
- test_sandbox_rename_filename(void *arg)
- {
- sandbox_data_t *data = arg;
-@@ -327,7 +309,6 @@ struct testcase_t sandbox_tests[] = {
-
- SANDBOX_TEST_IN_SANDBOX(openat_filename),
- SANDBOX_TEST_IN_SANDBOX(chmod_filename),
-- SANDBOX_TEST_IN_SANDBOX(chown_filename),
- SANDBOX_TEST_IN_SANDBOX(rename_filename),
-
- /* Currently the sandbox is unable to filter stat() calls on systems where
diff --git a/repo/system/tor/0004-disable-more-sandbox-tests_patch b/repo/system/tor/0004-disable-more-sandbox-tests_patch
deleted file mode 100644
index 7359b23..0000000
--- a/repo/system/tor/0004-disable-more-sandbox-tests_patch
+++ /dev/null
@@ -1,120 +0,0 @@
-These tests fail on aarch64
---- a/src/test/test_sandbox.c
-+++ b/src/test/test_sandbox.c
-@@ -148,71 +148,6 @@ test_sandbox_is_active(void *ignored)
- }
-
- static void
--test_sandbox_open_filename(void *arg)
--{
-- sandbox_data_t *data = arg;
-- int fd, errsv;
--
-- fd = open(sandbox_intern_string(data->file_ops_allowed), O_RDONLY);
-- if (fd == -1)
-- tt_abort_perror("open");
-- close(fd);
--
-- /* It might be nice to use sandbox_intern_string() in the line below as well
-- * (and likewise in the test cases that follow) but this would require
-- * capturing the warning message it logs, and the mechanism for doing so
-- * relies on system calls that are normally blocked by the sandbox and may
-- * vary across architectures. */
-- fd = open(data->file_ops_blocked, O_RDONLY);
-- errsv = errno;
-- tt_int_op(fd, OP_EQ, -1);
-- tt_int_op(errsv, OP_EQ, EPERM);
--
-- done:
-- if (fd >= 0)
-- close(fd);
--}
--
--static void
--test_sandbox_chmod_filename(void *arg)
--{
-- sandbox_data_t *data = arg;
-- int rc, errsv;
--
-- if (chmod(sandbox_intern_string(data->file_ops_allowed),
-- S_IRUSR | S_IWUSR) != 0)
-- tt_abort_perror("chmod");
--
-- rc = chmod(data->file_ops_blocked, S_IRUSR | S_IWUSR);
-- errsv = errno;
-- tt_int_op(rc, OP_EQ, -1);
-- tt_int_op(errsv, OP_EQ, EPERM);
--
-- done:
-- (void)0;
--}
--
--static void
--test_sandbox_rename_filename(void *arg)
--{
-- sandbox_data_t *data = arg;
-- const char *fname_old = sandbox_intern_string(data->file_ops_allowed),
-- *fname_new = sandbox_intern_string(data->file_rename_target_allowed);
-- int rc, errsv;
--
-- if (rename(fname_old, fname_new) != 0)
-- tt_abort_perror("rename");
--
-- rc = rename(fname_new, fname_old);
-- errsv = errno;
-- tt_int_op(rc, OP_EQ, -1);
-- tt_int_op(errsv, OP_EQ, EPERM);
--
-- done:
-- (void)0;
--}
--
--static void
- test_sandbox_openat_filename(void *arg)
- {
- sandbox_data_t *data = arg;
-@@ -235,28 +170,6 @@ test_sandbox_openat_filename(void *arg)
- }
-
- static void
--test_sandbox_opendir_dirname(void *arg)
--{
-- sandbox_data_t *data = arg;
-- DIR *dir;
-- int errsv;
--
-- dir = opendir(sandbox_intern_string(data->dir_ops_allowed));
-- if (dir == NULL)
-- tt_abort_perror("opendir");
-- closedir(dir);
--
-- dir = opendir(data->dir_ops_blocked);
-- errsv = errno;
-- tt_ptr_op(dir, OP_EQ, NULL);
-- tt_int_op(errsv, OP_EQ, EPERM);
--
-- done:
-- if (dir)
-- closedir(dir);
--}
--
--static void
- test_sandbox_stat_filename(void *arg)
- {
- sandbox_data_t *data = arg;
-@@ -302,15 +215,8 @@ struct testcase_t sandbox_tests[] = {
- #ifdef ENABLE_FRAGILE_HARDENING
- SANDBOX_TEST_SKIPPED(open_filename),
- SANDBOX_TEST_SKIPPED(opendir_dirname),
--#else
-- SANDBOX_TEST_IN_SANDBOX(open_filename),
-- SANDBOX_TEST_IN_SANDBOX(opendir_dirname),
- #endif /* defined(ENABLE_FRAGILE_HARDENING) */
-
-- SANDBOX_TEST_IN_SANDBOX(openat_filename),
-- SANDBOX_TEST_IN_SANDBOX(chmod_filename),
-- SANDBOX_TEST_IN_SANDBOX(rename_filename),
--
- /* Currently the sandbox is unable to filter stat() calls on systems where
- * glibc implements this function using either of the legacy "stat" or "stat64"
- * system calls, or (in glibc version 2.33 and later) either of the newer
diff --git a/repo/system/tor/tor.confd b/repo/system/tor/tor.confd
deleted file mode 100644
index 38a482c..0000000
--- a/repo/system/tor/tor.confd
+++ /dev/null
@@ -1,13 +0,0 @@
-# Location of the torrc configuration file.
-#conffile="/etc/tor/torrc"
-
-# User to start the tor daemon.
-# If "User" directive is set in $conffile, then this option is ignored (i.e.
-# tor is started under root, but it setuids to the specified User after start).
-#user="tor"
-
-# Timeout for gracefulstop
-#graceful_timeout="60"
-
-# Set the file limit
-rc_ulimit="-n 30000"
diff --git a/repo/system/tor/tor.initd b/repo/system/tor/tor.initd
deleted file mode 100644
index db8b2cf..0000000
--- a/repo/system/tor/tor.initd
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/sbin/openrc-run
-
-: ${conffile:="/etc/tor/torrc"}
-: ${user:="tor"}
-: ${graceful_timeout:="${GRACEFUL_TIMEOUT:-60}"}
-
-command="/usr/bin/tor"
-command_args="-f $conffile --runasdaemon 0"
-command_background="yes"
-start_stop_daemon_args="--chdir /var/lib/tor"
-pidfile="/run/tor/tor.pid"
-
-extra_commands="checkconfig"
-extra_started_commands="gracefulstop reload"
-
-description="Anonymizing overlay network for TCP"
-description_checkconfig="Check if config file is valid."
-description_reload="Reload the configuration."
-# See bug #523552, and https://trac.torproject.org/projects/tor/ticket/5525
-description_gracefulstop="Gracefully stop (wait $gracefulstop until all connections are properly closed)."
-
-
-depend() {
- need net
-}
-
-checkconfig() {
- # First check that it exists.
- if [ ! -f "$conffile" ] ; then
- eerror "You need to setup $conffile first, see $conffile.sample for example"
- return 1
- fi
-
- # Now verify whether the configuration is valid.
- # If User directive is set in $conffile, then we must run tor as root,
- # even --verify-config, otherwise it fails when verifying permissions
- # of DataDirectory.
- if conf_has User; then
- local user="root"
- fi
- local out
- out="$(su -s /bin/sh -c "$command $command_args --verify-config" $user 2>&1)" || {
- eerror "Tor configuration $conffile is not valid"
- printf '%s\n' "$out"
- return 1
- }
-}
-
-start_pre() {
- checkconfig || return 1
-
- # If User directive is set in $conffile, start tor as root and let it
- # drop privileges itself (may be needed e.g. to bind to a privileged
- # port). Otherwise run tor as $user (recommended).
- if conf_has User; then
- local user="$(conf_get User)"
- else
- start_stop_daemon_args="$start_stop_daemon_args --user $user"
- fi
-
- if conf_has DataDirectory; then
- checkpath -d -m 0700 -o "$user" "$(conf_get DataDirectory)"
- fi
- checkpath -d -m 0755 -o "$user" "$(dirname "$pidfile")"
-}
-
-gracefulstop() {
- ebegin "Gracefully stopping Tor, this can take up to $graceful_timeout seconds"
- start-stop-daemon --stop \
- --progress \
- --signal INT \
- --retry $graceful_timeout \
- --pidfile "$pidfile" \
- --exec $command -- $command_args
- eend $?
-}
-
-reload() {
- start_pre || return 1
-
- ebegin "Reloading Tor configuration"
- start-stop-daemon --signal HUP --pidfile "$pidfile"
- eend $?
-}
-
-conf_get() {
- sed -n "s/^\s*$1 \([^#]*\)/\1/p" "$conffile"
-}
-
-conf_has() {
- grep -q "^\s*$1 " "$conffile"
-}
diff --git a/repo/system/tor/tor.xibuild b/repo/system/tor/tor.xibuild
deleted file mode 100644
index 8441516..0000000
--- a/repo/system/tor/tor.xibuild
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-
-NAME="tor"
-DESC="Anonymous network connectivity"
-
-MAKEDEPS="make "
-DEPS="libcap libseccomp libevent openssl cacerts zlib xz zstd "
-
-PKG_VER=0.4.7.7
-SOURCE="https://www.torproject.org/dist/tor-$PKG_VER.tar.gz"
-ADDITIONAL="torrc.sample.patch tor.initd tor.confd"
-
-prepare () {
- apply_patches
-}
-
-build () {
- ./configure \
- --prefix=/usr \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --mandir=/usr/share/man \
- --disable-html-manual
- make
-
-}
-
-package () {
- make DESTDIR="$PKG_DEST" install
-
- install -dm0755 -o "tor" \
- "$PKG_DEST"/var/lib/"tor" \
- "$PKG_DEST"/var/log/"tor"
-
- install -Dm0755 "tor".initd \
- "$PKG_DEST"/etc/init.d/"tor"
- install -Dm0644 "tor".confd \
- "$PKG_DEST"/etc/conf.d/"tor"
-}
-
-postinstall () {
- adduser -S -D -H -h /var/lib/tor -s /sbin/nologin -g tor tor 2>/dev/null
- return 0
-}
diff --git a/repo/system/tor/torrc.sample.patch b/repo/system/tor/torrc.sample.patch
deleted file mode 100644
index 3360e98..0000000
--- a/repo/system/tor/torrc.sample.patch
+++ /dev/null
@@ -1,27 +0,0 @@
---- a/src/config/torrc.sample.in
-+++ b/src/config/torrc.sample.in
-@@ -35,7 +35,7 @@
- ## may provide sensitive information to an attacker who obtains the logs.
- ##
- ## Send all messages of level 'notice' or higher to @LOCALSTATEDIR@/log/tor/notices.log
--#Log notice file @LOCALSTATEDIR@/log/tor/notices.log
-+Log notice file @LOCALSTATEDIR@/log/tor/notices.log
- ## Send every possible message to @LOCALSTATEDIR@/log/tor/debug.log
- #Log debug file @LOCALSTATEDIR@/log/tor/debug.log
- ## Use the system log instead of Tor's logfiles
-@@ -43,14 +43,9 @@
- ## To send all messages to stderr:
- #Log debug stderr
-
--## Uncomment this to start the process in the background... or use
--## --runasdaemon 1 on the command line. This is ignored on Windows;
--## see the FAQ entry if you want Tor to run as an NT service.
--#RunAsDaemon 1
--
- ## The directory for keeping all the keys/etc. By default, we store
- ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
--#DataDirectory @LOCALSTATEDIR@/lib/tor
-+DataDirectory @LOCALSTATEDIR@/lib/tor
-
- ## The port on which Tor will listen for local connections from Tor
- ## controller applications, as documented in control-spec.txt.