From 415856bdd4f48ab4f2732996f0bae58595092bbe Mon Sep 17 00:00:00 2001 From: Parabola Date: Tue, 5 Apr 2011 14:26:38 +0000 Subject: Tue Apr 5 14:26:38 UTC 2011 --- community/tor/PKGBUILD | 48 ++++++++++++++++ community/tor/tor | 44 ++++++++++++++ community/tor/tor.conf.d | 9 +++ community/tor/tor.install | 24 ++++++++ community/tor/torrc | 143 ++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 268 insertions(+) create mode 100644 community/tor/PKGBUILD create mode 100644 community/tor/tor create mode 100644 community/tor/tor.conf.d create mode 100644 community/tor/tor.install create mode 100644 community/tor/torrc (limited to 'community/tor') diff --git a/community/tor/PKGBUILD b/community/tor/PKGBUILD new file mode 100644 index 000000000..db528f365 --- /dev/null +++ b/community/tor/PKGBUILD @@ -0,0 +1,48 @@ +# $Id: PKGBUILD 41034 2011-03-03 11:05:31Z lfleischer $ +# Maintainer: Lukas Fleischer +# Contributor: simo + +pkgname=tor +pkgver=0.2.1.30 +pkgrel=1 +pkgdesc='Anonymizing overlay network.' +arch=('i686' 'x86_64') +url='http://www.torproject.org/' +license=('BSD') +depends=('openssl' 'libevent' 'tsocks' 'bash') +makedepends=('ca-certificates') +backup=('etc/tor/torrc' + 'etc/tor/torrc-dist' + 'etc/tor/tor-tsocks.conf' + 'etc/conf.d/tor') +install='tor.install' +source=("http://www.torproject.org/dist/${pkgname}-${pkgver}.tar.gz" + 'torrc' + 'tor' + 'tor.conf.d') +md5sums=('6c6d61e053af5969a245d025c4cfce9d' + '56c75d4e8a66f34167d31e38c43793dd' + 'f8e6868a389877346e7eebaacd1078bb' + '5c7c6834064b3530c442def6079ac3aa') + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + + ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var + make +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + + make DESTDIR="${pkgdir}" install + + install -dm0700 "${pkgdir}/var/lib/tor" + + mv "${pkgdir}/etc/tor/torrc.sample" "${pkgdir}/etc/tor/torrc-dist" + install -Dm0644 "${srcdir}/torrc" "${pkgdir}/etc/tor/torrc" + install -Dm0755 "${srcdir}/tor" "${pkgdir}/etc/rc.d/tor" + install -Dm0644 "${srcdir}/tor.conf.d" "${pkgdir}/etc/conf.d/tor" + + install -Dm0644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" +} diff --git a/community/tor/tor b/community/tor/tor new file mode 100644 index 000000000..522c498ce --- /dev/null +++ b/community/tor/tor @@ -0,0 +1,44 @@ +#!/bin/bash + +. /etc/rc.conf +. /etc/rc.d/functions + +# source application-specific settings +[ -f /etc/conf.d/tor ] && . /etc/conf.d/tor + +PID=`pidof -o %PPID /usr/bin/tor` +case "$1" in + start) + stat_busy "Starting Tor Daemon" + if [ -z "${TOR_MAX_FD}" ] || ulimit -n "${TOR_MAX_FD}"; then + [ -z "$PID" ] && /usr/bin/tor -f ${TOR_CONF} ${TOR_ARGS} &>/dev/null + if [ $? -gt 0 ]; then + stat_fail + else + add_daemon tor + stat_done + fi + else + stat_fail + fi + ;; + stop) + stat_busy "Stopping Tor Daemon" + [ ! -z "$PID" ] && kill -INT $PID &> /dev/null + if [ $? -gt 0 ]; then + stat_fail + else + rm_daemon tor + stat_done + fi + ;; + restart) + $0 stop + sleep 3 + $0 start + ;; + *) + echo "usage: $0 {start|stop|restart}" +esac +exit 0 +# vim: ft=sh ts=2 sw=2 diff --git a/community/tor/tor.conf.d b/community/tor/tor.conf.d new file mode 100644 index 000000000..e9fa098e0 --- /dev/null +++ b/community/tor/tor.conf.d @@ -0,0 +1,9 @@ +# Location of the config file. +TOR_CONF='/etc/tor/torrc' + +# Custom ulimit for maximum number of open files. +TOR_MAX_FD= + +# Additional arguments. +TOR_ARGS="--quiet" + diff --git a/community/tor/tor.install b/community/tor/tor.install new file mode 100644 index 000000000..2c448d28e --- /dev/null +++ b/community/tor/tor.install @@ -0,0 +1,24 @@ +post_install() { + echo "-> Tor has been preconfigured to run as a client only." + echo "-> Tor is experimental software. Do not rely on it for strong anonymity." + echo '-> ' + echo '-> You can set custom file descriptor ulimits for Tor in' + echo '-> "/etc/conf.d/tor" using the "TOR_MAX_FD" variable.' + groupadd -g 43 tor &>/dev/null + useradd -u 43 -g tor -d /var/lib/tor -s /bin/false tor &> /dev/null + chown tor:tor var/lib/tor &> /dev/null + chmod 700 var/lib/tor &> /dev/null +} + +post_upgrade() { + echo '-> You can now set custom file descriptor ulimits for Tor in' + echo '-> "/etc/conf.d/tor" using the "TOR_MAX_FD" variable.' + getent group tor &>/dev/null || groupadd -g 43 tor &>/dev/null + getent passwd tor &>/dev/null || useradd -u 43 -g tor -d /var/lib/tor -s /bin/false tor &> /dev/null + chown tor:tor var/lib/tor &> /dev/null +} + +pre_remove() { + getent passwd tor &>/dev/null && userdel tor &> /dev/null + getent group tor &>/dev/null && groupdel tor &> /dev/null +} diff --git a/community/tor/torrc b/community/tor/torrc new file mode 100644 index 000000000..3505653ab --- /dev/null +++ b/community/tor/torrc @@ -0,0 +1,143 @@ +## CONFIGURED FOR ARCHLINUX + +## Last updated 22 July 2005 for Tor 0.1.0.13. +## (May or may not work for older or newer versions of Tor.) +# +## See the man page, or http://tor.eff.org/tor-manual.html, for more +## options you can use in this file. +# +# On Unix, Tor will look for this file in someplace like "~/.tor/torrc" or +# "/etc/torrc" +# +# On Windows, Tor will look for the configuration file in someplace like +# "Application Data\tor\torrc" or "Application Data\\tor\torrc" +# +# With the default Mac OS X installer, Tor will look in ~/.tor/torrc or +# /Library/Tor/torrc + + +## Replace this with "SocksPort 0" if you plan to run Tor only as a +## server, and not make any local application connections yourself. +SocksPort 9050 # what port to open for local application connections +SocksBindAddress 127.0.0.1 # accept connections only from localhost +#SocksBindAddress 192.168.0.1:9100 # listen on a chosen IP/port too + +## Entry policies to allow/deny SOCKS requests based on IP address. +## First entry that matches wins. If no SocksPolicy is set, we accept +## all (and only) requests from SocksBindAddress. +#SocksPolicy accept 192.168.0.1/16 +#SocksPolicy reject * + +## Allow no-name routers (ones that the dirserver operators don't +## know anything about) in only these positions in your circuits. +## Other choices (not advised) are entry,exit,introduction. +AllowUnverifiedNodes middle,rendezvous + +## Logs go to stdout at level "notice" unless redirected by something +## else, like one of the below lines. You can have as many log lines as +## you want. +## +## Send all messages of level 'notice' or higher to /var/log/tor/notices.log +#Log notice file /var/log/tor/notices.log +## Send only debug and info messages to /var/log/tor/debug.log +#Log debug-info file /var/log/tor/debug.log +## Send ONLY debug messages to /var/log/tor/debug.log +#Log debug-debug file /var/log/tor/debug.log +## To use the system log instead of Tor's logfiles, uncomment these lines: +Log notice syslog +## To send all messages to stderr: +#Log debug stderr + +## Uncomment this to start the process in the background... or use +## --runasdaemon 1 on the command line. +RunAsDaemon 1 +User tor +Group tor + +## Tor only trusts directories signed with one of these keys, and +## uses the given addresses to connect to the trusted directory +## servers. If no DirServer lines are specified, Tor uses the built-in +## defaults (moria1, moria2, tor26), so you can leave this alone unless +## you need to change it. +#DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441 +#DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF +#DirServer 86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D + +## The directory for keeping all the keys/etc. By default, we store +## things in $HOME/.tor on Unix, and in Application Data\tor on Windows. +DataDirectory /var/lib/tor + +## The port on which Tor will listen for local connections from Tor controller +## applications, as documented in control-spec.txt. NB: this feature is +## currently experimental. +#ControlPort 9051 + +############### This section is just for location-hidden services ### + +## Look in .../hidden_service/hostname for the address to tell people. +## HiddenServicePort x y:z says to redirect a port x request from the +## client to y:z. + +#HiddenServiceDir /var/lib/tor/hidden_service/ +#HiddenServicePort 80 127.0.0.1:80 + +#HiddenServiceDir /var/lib/tor/other_hidden_service/ +#HiddenServicePort 80 127.0.0.1:80 +#HiddenServicePort 22 127.0.0.1:22 +#HiddenServiceNodes moria1,moria2 +#HiddenServiceExcludeNodes bad,otherbad + +################ This section is just for servers ##################### + +## NOTE: If you enable these, you should consider mailing your identity +## key fingerprint to the tor-ops, so we can add you to the list of +## servers that clients will trust. See +## http://tor.eff.org/doc/tor-doc.html#server for details. + +## Required: A unique handle for this server +#Nickname ididnteditheconfig + +## The IP or fqdn for this server. Leave commented out and Tor will guess. +#Address noname.example.com + +## Contact info that will be published in the directory, so we can +## contact you if you need to upgrade or if something goes wrong. +## This is optional but recommended. +#ContactInfo Random Person +## You might also include your PGP or GPG fingerprint if you have one: +#ContactInfo 1234D/FFFFFFFF Random Person + +## Required: what port to advertise for tor connections +#ORPort 9001 +## If you want to listen on a port other than the one advertised +## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment +## the line below. You'll need to do ipchains or other port forwarding +## yourself to make this work. +#ORBindAddress 0.0.0.0:9090 + +## Uncomment this to mirror the directory for others (please do) +#DirPort 9030 # what port to advertise for directory connections +## If you want to listen on a port other than the one advertised +## in DirPort (e.g. to advertise 80 but bind 9091), uncomment the line +## below. You'll need to do ipchains or other port forwarding yourself +## to make this work. +#DirBindAddress 0.0.0.0:9091 + +## A comma-separated list of exit policies. They're considered first +## to last, and the first match wins. If you want to *replace* +## the default exit policy, end this with either a reject *:* or an +## accept *:*. Otherwise, you're *augmenting* (prepending to) the +## default exit policy. Leave commented to just use the default, which is +## available in the man page or at http://tor.eff.org/documentation.html +## +## Look at http://tor.eff.org/faq-abuse.html#TypicalAbuses +## for issues you might encounter if you use the default exit policy. +## +## If certain IPs and ports are blocked externally, e.g. by your firewall, +## you should update your exit policy to reflect this -- otherwise Tor +## users will be told that those destinations are down. +## +#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more +#ExitPolicy accept *:119 # accept nntp as well as default exit policy +#ExitPolicy reject *:* # middleman only -- no exits allowed + -- cgit v1.2.3-54-g00ecf