authorJason A. Donenfeld <zx2c4@gentoo.org>2017-03-17 15:37:57 +0100
committerJason A. Donenfeld <zx2c4@gentoo.org>2017-03-17 15:38:28 +0100
commit9754f457cc6d0aeb90a1535a5228ef909e9584c9 (patch)
treeffbd77f41fb100837cc8f992f8dc863cd01c270d /net-vpn/tor/files
parentapp-forensics/openscap: remove old (diff)
Second half of net-vpn/ move
Diffstat (limited to 'net-vpn/tor/files')
-rw-r--r--net-vpn/tor/files/README.gentoo8
-rw-r--r--net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch31
-rw-r--r--net-vpn/tor/files/tor.conf1
-rw-r--r--net-vpn/tor/files/tor.confd3
-rw-r--r--net-vpn/tor/files/tor.initd-r837
-rw-r--r--net-vpn/tor/files/tor.service21
-rw-r--r--net-vpn/tor/files/torrc-r17
7 files changed, 108 insertions, 0 deletions
diff --git a/net-vpn/tor/files/README.gentoo b/net-vpn/tor/files/README.gentoo
new file mode 100644
index 000000000000..35214ac6fbb5
--- /dev/null
+++ b/net-vpn/tor/files/README.gentoo
@@ -0,0 +1,8 @@
+We created a configuration file for tor, /etc/tor/torrc, but you can
+change it according to your needs. Use the torrc.sample that is in
+that directory as a guide. Also, to have privoxy work with tor
+just add the following line
+
+forward-socks4a / localhost:9050 .
+
+to /etc/privoxy/config. Notice the . at the end!
diff --git a/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch b/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
new file mode 100644
index 000000000000..92eb03bb18ea
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
@@ -0,0 +1,31 @@
+diff -Nuar tor-0.2.7.4-rc.orig/src/config/torrc.sample.in tor-0.2.7.4-rc/src/config/torrc.sample.in
+--- tor-0.2.7.4-rc.orig/src/config/torrc.sample.in 2015-10-19 11:12:53.000000000 -0400
++++ tor-0.2.7.4-rc/src/config/torrc.sample.in 2015-10-21 21:18:49.151973113 -0400
+@@ -12,6 +12,11 @@
+ ## Tor will look for this file in various places based on your platform:
+ ## https://www.torproject.org/docs/faq#torrc
+
++## Default username and group the server will run as
++User tor
++
++PIDFile /var/run/tor/tor.pid
++
+ ## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
+ ## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
+ ## as a relay, and not make any local application connections yourself.
+@@ -42,6 +47,7 @@
+ #Log notice syslog
+ ## To send all messages to stderr:
+ #Log debug stderr
++Log warn syslog
+
+ ## Uncomment this to start the process in the background... or use
+ ## --runasdaemon 1 on the command line. This is ignored on Windows;
+@@ -51,6 +57,7 @@
+ ## The directory for keeping all the keys/etc. By default, we store
+ ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+ #DataDirectory @LOCALSTATEDIR@/lib/tor
++DataDirectory /var/lib/tor/data
+
+ ## The port on which Tor will listen for local connections from Tor
+ ## controller applications, as documented in control-spec.txt.
diff --git a/net-vpn/tor/files/tor.conf b/net-vpn/tor/files/tor.conf
new file mode 100644
index 000000000000..188c041e5442
--- /dev/null
+++ b/net-vpn/tor/files/tor.conf
@@ -0,0 +1 @@
+d /var/run/tor 0775 tor tor - -
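Review bot: The mode `0775` makes `/var/run/tor` group-writable, while start_pre() in tor.initd-r8 in this same commit creates the same directory with `checkpath -d -m 0755 -o tor:tor`. This directory holds tor.pid, which the reload paths signal through, so write access should be limited to the tor user unless something outside this commit needs group write. `d /var/run/tor 0755 tor tor - -` would match the init script.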
diff --git a/net-vpn/tor/files/tor.confd b/net-vpn/tor/files/tor.confd
new file mode 100644
index 000000000000..4195bf3237b2
--- /dev/null
+++ b/net-vpn/tor/files/tor.confd
@@ -0,0 +1,3 @@
+#
+# Set the file limit
+rc_ulimit="-n 30000"
diff --git a/net-vpn/tor/files/tor.initd-r8 b/net-vpn/tor/files/tor.initd-r8
new file mode 100644
index 000000000000..de9b66eb555b
--- /dev/null
+++ b/net-vpn/tor/files/tor.initd-r8
@@ -0,0 +1,37 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+command=/usr/bin/tor
+pidfile=/var/run/tor/tor.pid
+command_args="--hush --runasdaemon 1 --pidfile \"${pidfile}\""
+retry=${GRACEFUL_TIMEOUT:-60}
+stopsig=INT
+command_progress=yes
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+description="Anonymizing overlay network for TCP"
+description_checkconfig="Check for valid config file"
+description_reload="Reload the configuration"
+
+checkconfig() {
+ ${command} --verify-config --hush > /dev/null 2>&1
+ if [ $? -ne 0 ] ; then
+ eerror "Tor configuration (/etc/tor/torrc) is not valid."
+ eerror "Example is in /etc/tor/torrc.sample"
+ return 1
+ fi
+}
+
+start_pre() {
+ checkconfig || return 1
+ checkpath -d -m 0755 -o tor:tor /var/run/tor
+}
+
+reload() {
+ checkconfig || return 1
+ ebegin "Reloading Tor configuration"
+ start-stop-daemon -s HUP --pidfile ${pidfile}
+ eend $?
+}
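Review bot: checkconfig() sends both stdout and stderr of `--verify-config` to /dev/null, so a failed start or reload reports only the generic "is not valid" message and never the setting tor rejected. Since `--hush` already limits output to warnings and errors, dropping the redirection (`${command} --verify-config --hush`) or printing the captured output on failure would show the operator the cause. The call also omits `-f /etc/tor/torrc`, which tor.service in this commit passes explicitly and which the error message names. In reload(), `${pidfile}` is unquoted, unlike in command_args.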
diff --git a/net-vpn/tor/files/tor.service b/net-vpn/tor/files/tor.service
new file mode 100644
index 000000000000..8fcc6740ed91
--- /dev/null
+++ b/net-vpn/tor/files/tor.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=The Onion Router
+
+[Service]
+ExecStartPre=/usr/bin/tor --verify-config -f /etc/tor/torrc
+ExecStart=/usr/bin/tor --RunAsDaemon 0 -f /etc/tor/torrc
+ExecReload=/bin/kill -HUP $MAINPID
+KillSignal=SIGINT
+TimeoutStopSec=32
+LimitNOFILE=30000
+
+# Hardening options:
+CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
+PrivateTmp = yes
+PrivateDevices = yes
+ProtectHome = yes
+ProtectSystem = full
+NoNewPrivileges = yes
+
+[Install]
+WantedBy=multi-user.target
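Review bot: The hardening block bounds capabilities but leaves filesystem write access wide, because `ProtectSystem = full` keeps all of /var writable. torrc-r1 in this commit only writes to /var/lib/tor/data and /var/run/tor. If the systemd versions targeted support them, `ProtectSystem = strict` together with `ReadWritePaths = /var/lib/tor /var/run/tor` would confine writes to those two paths. A short comment above `CapabilityBoundingSet` would also help, for example `# SETUID/SETGID: drop to "User tor" from torrc; NET_BIND_SERVICE: ports below 1024`, so the set is not widened or trimmed by guesswork later.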
diff --git a/net-vpn/tor/files/torrc-r1 b/net-vpn/tor/files/torrc-r1
new file mode 100644
index 000000000000..322a794aa1d5
--- /dev/null
+++ b/net-vpn/tor/files/torrc-r1
@@ -0,0 +1,7 @@
+#
+# Minimal torrc so tor will work out of the box
+#
+User tor
+PIDFile /var/run/tor/tor.pid
+Log notice syslog
+DataDirectory /var/lib/tor/data