diff --git a/Makefile.am b/Makefile.am index 5d7dd0a81c..bdea183108 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,7 +5,7 @@ SUBDIRS = src doc contrib DIST_SUBDIRS = src doc contrib -EXTRA_DIST = INSTALL README AUTHORS LICENSE ChangeLog +EXTRA_DIST = INSTALL README AUTHORS LICENSE ChangeLog tor.spec tor.spec.in #install-data-local: # $(INSTALL) -m 755 -d $(LOCALSTATEDIR)/lib/tor @@ -21,4 +21,4 @@ dist-rpm: dist mv /tmp/tor-rpm-build/*RPMS/* . doxygen: - doxygen && cd doc/doxygen/latex && make \ No newline at end of file + doxygen && cd doc/doxygen/latex && make diff --git a/configure.in b/configure.in index 020e90e4d7..ca85e2079f 100644 --- a/configure.in +++ b/configure.in @@ -239,4 +239,4 @@ CFLAGS="$CFLAGS -Wall -W -Wno-unused-parameter -Wfloat-equal -Wundef -Wpointer-a echo "confdir: $CONFDIR" -AC_OUTPUT(Makefile contrib/tor.sh contrib/torify contrib/Makefile src/config/torrc.sample doc/tor.1 src/Makefile doc/Makefile doc/design-paper/Makefile src/config/Makefile src/common/Makefile src/or/Makefile src/win32/Makefile src/tools/Makefile) +AC_OUTPUT(Makefile tor.spec contrib/tor.sh contrib/torify contrib/Makefile src/config/torrc.sample doc/tor.1 src/Makefile doc/Makefile doc/design-paper/Makefile src/config/Makefile src/common/Makefile src/or/Makefile src/win32/Makefile src/tools/Makefile) diff --git a/contrib/Makefile.am b/contrib/Makefile.am index d4a7a077a1..e53f5d7399 100644 --- a/contrib/Makefile.am +++ b/contrib/Makefile.am @@ -1,6 +1,6 @@ confdir = $(sysconfdir)/tor -EXTRA_DIST = tor-tsocks.conf torify.1 tor.spec +EXTRA_DIST = tor-tsocks.conf torify.1 conf_DATA = tor-tsocks.conf diff --git a/contrib/tor.sh.in b/contrib/tor.sh.in index dfde1f6a45..c5d79b88c6 100644 --- a/contrib/tor.sh.in +++ b/contrib/tor.sh.in 
@@ -10,10 +10,12 @@ TORGROUP= TORBIN=@BINDIR@/tor TORPID=@LOCALSTATEDIR@/run/tor/tor.pid TORLOG=@LOCALSTATEDIR@/log/tor/tor.log +TORDATA=@LOCALSTATEDIR@/lib/tor + TORCONF=@CONFDIR@/torrc # Strictly speaking, we don't need to su if we have --user and --group. # "Belt and suspenders," says jbash. -TORARGS="--pidfile $TORPID --logfile $TORLOG --runasdaemon 1" +TORARGS="--pidfile $TORPID --logfile $TORLOG --runasdaemon 1 --datadirectory $TORDATA" if [ "x$TORUSER" != "x" ]; then TORARGS="$TORARGS --user $TORUSER" fi @@ -56,8 +58,8 @@ case "$1" in echo " ERROR!" fi else - echo "Unable to kill tor: $TORPID does not exist" - RETVAL=1 + echo "Unable to kill tor: $TORPID does not exist. Assuming already dead." + RETVAL=0 fi ;; diff --git a/contrib/tor.spec b/contrib/tor.spec deleted file mode 100644 index 9a48cecf72..0000000000 --- a/contrib/tor.spec +++ /dev/null 
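Review bot: `TORDATA` is handed to tor through `--datadirectory`, but nothing next to the assignment says who must own that directory or what mode it needs, and the `install-data-local` rule that would create it is still commented out in Makefile.am. torrc.sample.in describes this directory as the place for the server's keys, and the RPM spec in this commit creates it `0700` for the run-as account, so a hand install can end up with a missing or more permissive directory. I would add a comment above the assignment such as `# TORDATA holds the server's keys: it must exist, be owned by $TORUSER, and be mode 0700`. The start logic continues outside the hunk, so whether the script could check this itself is not visible here.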
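Review bot: The `stop` branch now sets `RETVAL=0` whenever `$TORPID` is missing, but a missing pidfile does not show that no tor process is running; the file may have been removed, or the daemon may have been started with a different `--pidfile`. Anything that relies on the exit status to know the daemon is down would then carry on over a live process. Consider reporting success only when no tor process for `$TORUSER` can be found and keeping `RETVAL=1` otherwise, or at least add a comment such as `# a missing pidfile is treated as "not running"; this is an assumption, not a check`. The surrounding `case` starts and ends outside the hunk.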
@@ -1,150 +0,0 @@
-# TODO:
-# Add /etc/logrotate.d/tor
-#
-
-%define blddate %(date -u +"%Y%m%d%H%M")
-
-%define version 0.0.7
-%define version_extra rc2
-%define vepoch 0.1
-%define tor_version %{version}%{version_extra}
-# not quite right XXXXX
-%define release 0.std.%{vepoch}.%{version_extra}
-
-Name: tor
-Version: %{version}
-Release: %{release}
-Summary: Anonymizing overlay network for TCP
-Vendor: R. Dingledine
-Packager: Nick Mathewson
-License: BSD-like
-Group: Applications/Internet
-URL: http://freehaven.net/tor/
-
-Source0: http://freehaven.net/tor/dist/tor-%{tor_version}.tar.gz
-
-Requires: openssl >= 0.9.6
-BuildRequires: openssl-devel >= 0.9.6
-Requires(pre): shadow-utils, /usr/bin/id, /bin/date, /bin/sh
-Requires(pre): %{_sbindir}/useradd, %{_sbindir}/groupadd
-
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-
-%description
-Tor is a connection-based low-latency anonymous communication system which
-addresses many flaws in the original onion routing design.
-
-In brief, Onion Routing is a connection-oriented anonymizing communication
-service. Users choose a source-routed path through a set of nodes, and
-negotiate a "virtual circuit" through the network, in which each node
-knows its predecessor and successor, but no others. Traffic flowing down
-the circuit is unwrapped by a symmetric key at each node, which reveals
-the downstream node.
-
-Basically Tor provides a distributed network of servers ("onion
-routers"). Users bounce their tcp streams (web traffic, ftp, ssh, etc)
-around the routers, and recipients, observers, and even the routers
-themselves have difficulty tracking the source of the stream.
-
-Note that Tor does no protocol cleaning. That means there is a danger that
-application protocols and associated programs can be induced to reveal
-information about the initiator. Tor depends on Privoxy and similar protocol
-cleaners to solve this problem.
-
-Client applications can use the Tor network by connecting to the local
-onion proxy. If the application itself does not come with socks support
-you can use a socks client such as tsocks. Some web browsers like mozilla
-and web proxies like privoxy come with socks support, so you don't need an
-extra socks client if you want to use Tor with them.
-
-Remember that this is alpha code, and the network is very small -- Tor will
-not provide anonymity currently.
-
-This package provides the "tor" program, which serves as both a client
-and a relay node. Scripts will automatically create a "tor" user and
-group, set tor up to run as a daemon, and automatically start it at
-installation time.
-
-%prep
-%setup -q -n tor-%{tor_version}
-
-# Patch the startup script to use the right user and group IDs. Force
-# the use of /bin/sh as the shell for the "tor" account.
-ed -s contrib/tor.sh.in << '/EOF/' > /dev/null
-,s/^TORUSER=$/TORUSER=tor/
-,s/^TORGROUP=$/TORGROUP=tor/
-,s:/bin/su:/bin/su -s /bin/sh:
-#
-# Save and exit ed
-w
-q
-/EOF/
-
-%build
-%configure
-%__make
-
-%install
-%makeinstall
-
-# Install init script.
-%__mkdir_p ${RPM_BUILD_ROOT}%{_initrddir}
-%__install -p -m 755 contrib/tor.sh ${RPM_BUILD_ROOT}%{_initrddir}/tor
-
-# Directories that don't have any preinstalled files
-%__mkdir_p -m 700 ${RPM_BUILD_ROOT}%{_localstatedir}/lib/tor
-%__mkdir_p -m 755 ${RPM_BUILD_ROOT}%{_localstatedir}/run/tor
-%__mkdir_p -m 755 ${RPM_BUILD_ROOT}%{_localstatedir}/log/tor
-
-%clean
-[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
-
-%pre
-[ -f %{_initrddir}/tor ] && /sbin/service tor stop
-if [ ! -n "`/usr/bin/id -g tor 2>/dev/null`" ]; then
- # One would like to default the GID, but doing that properly would
- # require thought.
- %{_sbindir}/groupadd tor 2> /dev/null
-fi
-if [ ! -n "`/usr/bin/id -u tor 2>/dev/null`" ]; then
- # One would also like to default the UID, but doing that properly would
- # also require thought.
- if [ -x /sbin/nologin ]; then
- %{_sbindir}/useradd -r -g tor -d / -s /sbin/nologin tor 2> /dev/null
- else
- %{_sbindir}/useradd -r -g tor -d / -s /bin/false tor 2> /dev/null
- fi
-fi
-
-%post
-/sbin/chkconfig --add tor
-/sbin/chkconfig tor && /sbin/service tor start
-
-%preun
-/sbin/chkconfig tor && /sbin/service tor stop
-/sbin/chkconfig --del tor
-
-%files
-%defattr(-,root,root)
-%doc AUTHORS INSTALL LICENSE README ChangeLog doc/HACKING doc/TODO doc/FAQ
-#%{_mandir}/man1/tor.1.gz
-#%{_mandir}/man1/torify.1.gz
-%{_mandir}/man*/*
-%{_bindir}/tor
-%{_bindir}/torify
-%config %{_initrddir}/tor
-%dir %{_sysconfdir}/tor/
-%config(noreplace) %{_sysconfdir}/tor/torrc.sample
-%config(noreplace) %{_sysconfdir}/tor/dirservers
-%config(noreplace) %{_sysconfdir}/tor/tor-tsocks.conf
-%attr(0700,tor,tor) %dir %{_localstatedir}/lib/tor
-%attr(0755,tor,tor) %dir %{_localstatedir}/run/tor
-%attr(0755,tor,tor) %dir %{_localstatedir}/log/tor
-
-%changelog
-* Mon Jun 06 2004 Nick Mathewson 0.0.7-0.std.0.1.rc2
-- Make spec file more happy with fc2 packaging
-
-* Sat Jan 17 2004 John Bashinski
-- Basic spec file; tested with Red Hat 9.
-
diff --git a/src/config/torrc.sample.in b/src/config/torrc.sample.in
index c2dab95130..596b72d846 100644
--- a/src/config/torrc.sample.in
+++ b/src/config/torrc.sample.in
@@ -17,23 +17,23 @@ SocksBindAddress 127.0.0.1 # accept connections only from localhost # Other choices (not advised) are entry,exit,introduction. AllowUnverifiedNodes middle,rendezvous -# By default, we send log messages to stdout. If you want -# them to go somewhere else, uncomment one or more of these example -# configurations. -### Send all messages of level 'warn' or higher to /var/log/tor/warnings -#LogFile /var/log/tor/warnings +# Logs go to stdout unless redirected by something else, like one of +# the below lines, or --logfile on the command line. +### Send all messages of level 'warn' or higher to @LOCALSTATEDIR@/log/tor/warnings +#LogFile @LOCALSTATEDIR@/log/tor/warnings #LogLevel warn -### Send all debug and info messages to /var/log/tor/debug -#LogFile /var/log/tor/debug +### Send all debug and info messages to @LOCALSTATEDIR@/log/tor/debug +#LogFile @LOCALSTATEDIR@/log/tor/debug #LogLevel debug-info -### Send all debug messages ONLY to /var/log/tor/debug -#LogFile /var/log/tor/debug +### Send all debug messages ONLY to @LOCALSTATEDIR@/log/tor/debug +#LogFile @LOCALSTATEDIR@/log/tor/debug #LogLevel debug-debug ### To use the system log instead of Tor's logfiles, uncomment these lines: #SysLog #LogLevel notice -# Uncomment this to start the process in the background +# Uncomment this to start the process in the background... or use +# --runasdaemon 1 on the command line. #RunAsDaemon 1 # The three trusted directory servers on the current Tor network. 
@@ -52,11 +52,11 @@ DirServer 62.116.124.106:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D ## your configuration. See the README for details. ## The directory for keeping all the keys/etc for this server -#DataDirectory @LOCALSTATEDIR@/lib/tor +DataDirectory @LOCALSTATEDIR@/lib/tor -#Nickname moria # A unique handle for this server -#Address moria.seul.org # The IP or fqdn for this server -#ContactInfo 1024D/28988BF5 Roger Dingledine +#Nickname ididntedithtconfig # A unique handle for this server +#Address noname.example.com # The IP or fqdn for this server +#ContactInfo 1234D/FFFFFFFF Random Person #ORPort 9001 # where to listen for tor connections # If you want to listen on a port other than the one advertised diff --git a/tor.spec.in b/tor.spec.in new file mode 100644 index 0000000000..06bf1dfcb9 --- /dev/null +++ b/tor.spec.in 
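Review bot: `DataDirectory` is now active in the sample while contrib/tor.sh.in in this same commit also passes `--datadirectory`, so the directory that holds the server's keys is defined in two places that can drift apart. A one-line comment above the setting, for example `## Keep in sync with TORDATA in the init script; this directory should be private to the tor account`, would make the coupling visible. The placeholder `ididntedithtconfig` also looks like a typo for `ididnteditheconfig`.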
@@ -0,0 +1,249 @@
+## NOTE: tor.spec is autogenerated from tor.spec.in . Edit the latter,
+## not the former.
+
+## Things that need to be edited frequently
+#
+# This should be incremented whenever the spec file changes, but
+# can drop back to zero at a new Tor version
+
+%define specver 0
+
+## Things users may want to change
+#
+# User (and group) name under which the Tor daemon runs
+
+%define runuser tordmn
+
+## Version song and dance
+#
+# This should be the Tor version number, as it appears on the tarball,
+# including any "pre" or "rc" suffix. This gets massaged to
+# create the RPM version number, in a way that depends on the Tor
+# numbering scheme.
+%define native_version @VERSION@
+
+# Massage the version so that pre-releases will be treated as earlier
+# than release candidates which will be treated as earlier than released
+# versions... while making as few confusing changes to the standard
+# release naming as possible.
+# XXXX009 Execept that handling cvs breaks this.
+%define version %(echo %{native_version} | sed 's/-cvs/.cvs/' -e 's/pre/.pre./' -e 's/rc/.rc./' -e 's/([0-9])$/\1.release/')
+
+## Release and OS identification song and dance
+#
+# This identifies the lineage of the spec file. This file is the
+# standard one that comes with Tor; various distributions may
+# have their own ideas about the right ways to do things.
+%define pkgspec tor
+
+# This spec is intended to build and install on multiple distributions.
+# Detect the distribution we're building on.
+
+%define is_rh %(test -e /etc/redhat-release && echo 1 || echo 0)
+%define is_fc %(test -e /etc/fedora-release && echo 1 || echo 0)
+%define is_mdk %(test -e /etc/mandrake-release && echo 1 || echo 0)
+%define is_suse %(test -e /etc/SuSE-release && echo 1 || echo 0)
+
+%if %{is_fc}
+%define ostag %(sed -e 's/^.*release /fc/' -e 's/ .*$//' -e 's/\\./_/g' < /etc/fedora-release)
+%endif
+
+%if %{is_rh}
+%define ostag %(sed -e 's/^.*release /rh/' -e 's/ .*$//' -e 's/\\./_/g' < /etc/redhat-release)
+%endif
+
+# These are probably wrong... just placeholders should we actually
+# end up supporting these distributions
+
+%if %{is_mdk}
+%define ostag mdk
+%endif
+
+%if %{is_suse}
+%define ostag suse
+%endif
+
+# Using the build date ensures that every build really does get
+# a different release number.
+%define blddate %(date -u +"%Y%m%d%H%M")
+
+# ... and here it is.
+%define release %{pkgspec}.%{specver}.%{ostag}.%{blddate}
+
+## General-purpose macros
+#
+# Some systems don't have some macros. If a macro doesn't seem
+# to exist on your system, add it here...
+
+%if %{!?__make:1}%{?__make:0}
+%define __make make
+%endif
+
+%if %{!?make:1}%{?make:0}
+%define make %{__make}
+%endif
+
+%if %{!?_localstatedir:1}%{?_localstatedir:0}
+%define _localstatedir @LOCALSTATEDIR@
+%endif
+
+## Package information
+#
+Name: tor
+Version: %{version}
+Release: %{release}
+
+Summary: Anonymizing overlay network for TCP (The onion router)
+URL: http://freehaven.net/%{name}/
+Group: System Environment/Daemons
+
+License: BSD-like
+Vendor: R. Dingledine
+Packager: Nick Mathewson
+
+Requires: openssl >= 0.9.6
+BuildRequires: openssl-devel >= 0.9.6, rpm-build >= 4.0
+Requires(pre): shadow-utils, /usr/bin/id, /bin/date, /bin/sh
+Requires(pre): %{_sbindir}/useradd, %{_sbindir}/groupadd
+
+Source0: http://freehaven.net/%{name}/dist/%{name}-%{native_version}.tar.gz
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+
+%description
+Tor is a connection-based low-latency anonymous communication system.
+
+This package provides the "tor" program, which serves as both a client and
+a relay node. Scripts will automatically create a "%{runuser}" user and
+group, and set tor up to run as a daemon when the system is rebooted.
+
+Clients connect to their local Tor servers using the SOCKS5
+protocol. The local server chooses a path through a set of relays, in
+which each relay knows its predecessor and successor, but no
+others. Traffic flowing down the circuit is unwrapped by a symmetric
+key at each relay, which reveals the downstream node.
+
+Warnings: Tor does no protocol cleaning. That means there is a danger
+that application protocols and associated programs can be induced to
+reveal information about the initiator. Tor depends on Privoxy and
+similar protocol cleaners to solve this problem. This is alpha code,
+and is even more likely than released code to have anonymity-spoiling
+bugs. The present network is very small -- this further reduces the
+strength of the anonymity provided. Tor is not presently suitable
+for high-stakes anonymity.
+
+%prep
+%setup -q -n %{name}-%{native_version}
+
+# Patch the startup script to use the right user and group IDs. Force
+# the use of /bin/sh as the shell for the "tor" account.
+ed -s contrib/tor.sh.in << '/EOF/' > /dev/null
+,s/^TORUSER=$/TORUSER=%{runuser}/
+,s/^TORGROUP=$/TORGROUP=%{runuser}/
+,s:/bin/su:/bin/su -s /bin/sh:
+#
+# Save and exit ed
+w
+q
+/EOF/
+
+%build
+%configure
+%make
+
+%install
+%makeinstall
+
+# Install init script.
+%__mkdir_p ${RPM_BUILD_ROOT}%{_initrddir}
+%__install -p -m 755 contrib/tor.sh ${RPM_BUILD_ROOT}%{_initrddir}/%{name}
+
+# Set up config file; "sample" file implements a basic user node.
+%__install -p -m 644 ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/torrc.sample ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/torrc
+
+# Create a logrotate file. This should really be a source file,
+# but hey...
+%__mkdir_p -m 755 ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d
+%__cat > ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name} << /EOF/
+%{_localstatedir}/log/%{name} {
+ missingok
+ notifempty
+ sharedscripts
+}
+/EOF/
+
+# Directories that don't have any preinstalled files
+%__mkdir_p -m 700 ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{name}
+%__mkdir_p -m 755 ${RPM_BUILD_ROOT}%{_localstatedir}/run/%{name}
+%__mkdir_p -m 755 ${RPM_BUILD_ROOT}%{_localstatedir}/log/%{name}
+
+%clean
+[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
+
+# These scripts are probably wrong for Mandrake or SuSe. They're certainly
+# wrong for Debian, but what are you doing using RPM on Debian?
+%pre
+[ -f %{_initrddir}/%{name} ] && /sbin/service %{name} stop
+if [ ! -n "`/usr/bin/id -g %{runuser} 2>/dev/null`" ]; then
+ # One would like to default the GID, but doing that properly would
+ # require thought.
+ %{_sbindir}/groupadd %{runuser} 2> /dev/null
+fi
+if [ ! -n "`/usr/bin/id -u %{runuser} 2>/dev/null`" ]; then
+ # One would also like to default the UID, but doing that properly would
+ # also require thought.
+ if [ -x /sbin/nologin ]; then
+ %{_sbindir}/useradd -r -g %{runuser} -d / -s /sbin/nologin %{runuser} 2> /dev/null
+ else
+ %{_sbindir}/useradd -r -g %{runuser} -d / -s /bin/false %{runuser} 2> /dev/null
+ fi
+fi
+exit 0
+
+%post
+/sbin/chkconfig --add %{name}
+exit 0
+
+%preun
+/sbin/chkconfig --del %{name}
+exit 0
+
+%files
+%defattr(-,root,root)
+%doc AUTHORS INSTALL LICENSE README ChangeLog doc/HACKING doc/TODO doc/FAQ
+%{_mandir}/man*/*
+%{_bindir}/tor
+%{_bindir}/torify
+%{_bindir}/tor-resolve
+%config %{_initrddir}/%{name}
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/logrotate.d/%{name}
+%dir %attr(0750,root,%{runuser}) %{_sysconfdir}/%{name}/
+%config(noreplace) %attr(0640,root,%{runuser}) %{_sysconfdir}/%{name}/*
+%attr(0700,%{runuser},%{runuser}) %dir %{_localstatedir}/lib/%{name}
+%attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/run/%{name}
+%attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/%{name}
+
+%changelog
+* Tue Nov 5 2004 John Bashinski
+- Add skeletal support for multiple distributions
+- Even more ridiculous level of macro-ization
+- Modify version numbers so RPM can determine when it has a newer version
+- Return to including distribution name in package release number
+- Sharply trim description
+- Change user/group name from "tor" to "tordmn"; "tor" is a common
+ given name (reported by Marius Hjelle)
+- Change group to "System Environment/Daemons" (suggested by Marius Hjelle)
+- Create logrotate file (suggested by Marius Hjelle)
+- Make Tor run as a user proxy by default (suggested by Marius Hjelle)
+- Autogenerate spec file from GNU autotools data, substituting version
+ and whatnot
+- Be perhaps excessively paranoid with config file and directory modes
+- Remove auto-start and auto-stop at installation time; there's some kind
+ of weird race going on, and it's arguably a bad thing anyway.
+
+* Mon Jun 06 2004 Nick Mathewson 0.0.7-0.std.0.1.rc2
+- Make spec file more happy with fc2 packaging
+
+* Sat Jan 17 2004 John Bashinski
+- Basic spec file; tested with Red Hat 9.
+
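Review bot: The `%define version` line will not produce the massaged version as written: the first sed script has no `-e`, so once the later `-e` options are present sed takes `'s/-cvs/.cvs/'` as an input file name, and `([0-9])$` with `\1` does not form a group in basic regular expressions. Something like `sed -e 's/-cvs/.cvs/' -e 's/pre/.pre./' -e 's/rc/.rc./' -e 's/\([0-9]\)$/\1.release/'` keeps the intended ordering of pre, rc and release builds. Separately, the generated logrotate stanza names the directory `%{_localstatedir}/log/%{name}` rather than the log files inside it and has no step that makes the daemon reopen its log; that directory is owned by `%{runuser}` while logrotate normally runs as root, so the stanza should name the files explicitly and state which account performs the rotation. `%pre` also hides `groupadd`/`useradd` errors behind `2> /dev/null` and `exit 0`, so a failed account creation would only surface later as wrong ownership on the `%attr(...,%{runuser},...)` paths.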