commit: 301fc385334f2303e89957ad6a1bca3337561041 Author: orbea <orbea <AT> riseup <DOT> net> AuthorDate: Sat Dec 13 20:09:18 2025 +0000 Commit: orbea <orbea <AT> riseup <DOT> net> CommitDate: Sat Dec 13 20:09:18 2025 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=301fc385
net-vpn/tor: treeclean Signed-off-by: orbea <orbea <AT> riseup.net> net-vpn/tor/Manifest | 3 - net-vpn/tor/files/README.gentoo | 8 - net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch | 31 ---- net-vpn/tor/files/tor-0.4.7.13-opensslconf.patch | 100 ------------ net-vpn/tor/files/tor.confd | 3 - net-vpn/tor/files/tor.initd-r9 | 37 ----- net-vpn/tor/files/tor.service | 38 ----- net-vpn/tor/files/torrc-r2 | 7 - net-vpn/tor/metadata.xml | 20 --- net-vpn/tor/tor-0.4.8.16.ebuild | 200 ----------------------- 10 files changed, 447 deletions(-)
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
deleted file mode 100644
index ca0a6d4..0000000
--- a/net-vpn/tor/Manifest
+++ /dev/null
@@ -1,3 +0,0 @@
-DIST tor-0.4.8.16.tar.gz 9930424 BLAKE2B fdaf3d124d3e1b11589a5219033c8d37d3e6c8986ff60e930d2bf80532dd6be4c7ee1634bd0806bd283a9954e4478f3be7b9b61abd13e3274fef3b8373df1b00 SHA512 4815fe3da63f582e8347ab5c4fcec75816c06e79a3b420ba15a03d6d7f4a12654b771555a9271ea66fb8f4f007e4772224e565ee02b920fed90b3e530a588d94
-DIST tor-0.4.8.16.tar.gz.sha256sum 86 BLAKE2B fed27331bd5119d9913acfdbb290d454ceee9d4c3f633e50e9e590c31a2753a206874e35447e4e54ec1fad323e38e6be8594aa991cb5b4ddf543740a22930c48 SHA512 9f7af97a64948551dffb6e565b8ead1cc7020ca7823bce27da8540eb0b3b4fd27c66709495c3f6e4ef0aa0bdb7854c1b1ed167de3ee8506081ba9ed92a0ea115
-DIST tor-0.4.8.16.tar.gz.sha256sum.asc 716 BLAKE2B 65c903ecb214d1f799cfef780612650a6d70e542007cee26aede1d55bd8bc3b77cc64d805b45824f97b92fef58f628c5d3c0c2a7c2fca82a5f488556763e2527 SHA512 234de1b626a2e9cb7ecc5ea82b609b8962a6b736169180a1412c8232f4eedf6296e637aea6dcdbe69c7f6ef1f63e541686560aad288f74b5e0c5ff32b5d9dbf7
diff --git a/net-vpn/tor/files/README.gentoo b/net-vpn/tor/files/README.gentoo
deleted file mode 100644
index 35214ac..0000000
--- a/net-vpn/tor/files/README.gentoo
+++ /dev/null
@@ -1,8 +0,0 @@
-We created a configuration file for tor, /etc/tor/torrc, but you can
-change it according to your needs. Use the torrc.sample that is in
-that directory as a guide. Also, to have privoxy work with tor
-just add the following line
-
-forward-socks4a / localhost:9050 .
-
-to /etc/privoxy/config. Notice the . at the end!
diff --git a/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch b/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
deleted file mode 100644
index 5f9e258..0000000
--- a/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-diff -Nuar tor-0.2.7.4-rc.orig/src/config/torrc.sample.in tor-0.2.7.4-rc/src/config/torrc.sample.in
---- tor-0.2.7.4-rc.orig/src/config/torrc.sample.in 2015-10-19 11:12:53.000000000 -0400
-+++ tor-0.2.7.4-rc/src/config/torrc.sample.in 2015-10-21 21:18:49.151973113 -0400
-@@ -12,6 +12,11 @@
- ## Tor will look for this file in various places based on your platform:
- ## https://www.torproject.org/docs/faq#torrc
-
-+## Default username and group the server will run as
-+User tor
-+
-+PIDFile /run/tor/tor.pid
-+
- ## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
- ## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
- ## as a relay, and not make any local application connections yourself.
-@@ -42,6 +47,7 @@
- #Log notice syslog
- ## To send all messages to stderr:
- #Log debug stderr
-+Log warn syslog
-
- ## Uncomment this to start the process in the background... or use
- ## --runasdaemon 1 on the command line. This is ignored on Windows;
-@@ -51,6 +57,7 @@
- ## The directory for keeping all the keys/etc. By default, we store
- ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
- #DataDirectory @LOCALSTATEDIR@/lib/tor
-+DataDirectory /var/lib/tor/data
-
- ## The port on which Tor will listen for local connections from Tor
- ## controller applications, as documented in control-spec.txt.
diff --git a/net-vpn/tor/files/tor-0.4.7.13-opensslconf.patch b/net-vpn/tor/files/tor-0.4.7.13-opensslconf.patch
deleted file mode 100644
index 4398029..0000000
--- a/net-vpn/tor/files/tor-0.4.7.13-opensslconf.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/887
-
-From e811c52508d1424bd8b28cf4c6bd26ff0a62ca2b Mon Sep 17 00:00:00 2001
-From: orbea <[email protected]>
-Date: Wed, 30 Apr 2025 11:47:13 -0700
-Subject: [PATCH] compat_openssl: fix for LibreSSL 4.1.0
-
-Starting with LibreSSL 4.1.0 this now causes a build failure:
-
-src/lib/tls/tortls_openssl.c: In function 'tor_tls_setup_session_secret_cb':
-src/lib/tls/tortls_openssl.c:1059:39: error: passing argument 2 of 'SSL_set_session_secret_cb' from incompatible pointer type [-Wincompatible-pointer-types]
- 1059 | SSL_set_session_secret_cb(tls->ssl, tor_tls_session_secret_cb, NULL);
- | ^~~~~~~~~~~~~~~~~~~~~~~~~
- | |
- | int (*)(SSL *, void *, int *, struct stack_st_SSL_CIPHER *, SSL_CIPHER **, void *) {aka int (*)(struct ssl_st *, void *, int *, struct stack_st_SSL_CIPHER *, struct ssl_cipher_st **, void *)}
-In file included from src/lib/tls/tortls_openssl.c:48:
-/usr/include/openssl/ssl.h:1489:30: note: expected 'tls_session_secret_cb_fn' {aka 'int (*)(struct ssl_st *, void *, int *, struct stack_st_SSL_CIPHER *, const struct ssl_cipher_st **, void *)'} but argument is of type 'int (*)(SSL *, void *, int *, struct stack_st_SSL_CIPHER *, SSL_CIPHER **, void *)' {aka 'int (*)(struct ssl_st *, void *, int *, struct stack_st_SSL_CIPHER *, struct ssl_cipher_st **, void *)'}
- 1489 | tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
- | ~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~
-
-Signed-off-by: orbea <[email protected]>
----
- src/lib/crypt_ops/compat_openssl.h | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/754
-
-From 48f8d6918977673125d53a85d19d709136106739 Mon Sep 17 00:00:00 2001
-From: orbea <[email protected]>
-Date: Thu, 31 Aug 2023 14:35:52 -0700
-Subject: [PATCH] crypt_openssl_mgt: define DISABLE_ENGINES after
- OPENSSL_NO_ENGINE
-
-With LibreSSL-3.8.1 these engines are no long available causing a build
-failure, but LibreSSL correctly defines OPENSSL_NO_ENGINE as part of its
-opensslfeatures.h. However Tor includes crypto_openssl_mgt.h before any
-of the openssl includes which would define OPENSSL_NO_ENGINE and then
-fails to define DISABLE_ENGINES.
-
-As the define is used in only a single .c file it is best to move it
-there.
-
-Signed-off-by: orbea <[email protected]>
----
- src/lib/crypt_ops/crypto_openssl_mgt.c | 5 +++++
- src/lib/crypt_ops/crypto_openssl_mgt.h | 5 -----
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h
-index c5eccdb015..e61549be9b 100644
---- a/src/lib/crypt_ops/compat_openssl.h
-+++ b/src/lib/crypt_ops/compat_openssl.h
-@@ -37,10 +37,14 @@
- (((st) == SSL3_ST_SW_SRVR_HELLO_A) || \
- ((st) == SSL3_ST_SW_SRVR_HELLO_B))
- #define OSSL_HANDSHAKE_STATE int
--#define CONST_IF_OPENSSL_1_1_API
- #else
- #define STATE_IS_SW_SERVER_HELLO(st) \
- ((st) == TLS_ST_SW_SRVR_HELLO)
-+#endif
-+
-+#if !defined(OPENSSL_1_1_API) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x4010000fL)
-+#define CONST_IF_OPENSSL_1_1_API
-+#else
- #define CONST_IF_OPENSSL_1_1_API const
- #endif
-
-diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.c b/src/lib/crypt_ops/crypto_openssl_mgt.c
-index 6c01cb6aa8..ca12a82518 100644
---- a/src/lib/crypt_ops/crypto_openssl_mgt.c
-+++ b/src/lib/crypt_ops/crypto_openssl_mgt.c
-@@ -40,6 +40,11 @@ ENABLE_GCC_WARNING("-Wredundant-decls")
-
- #include <string.h>
-
-+#ifdef OPENSSL_NO_ENGINE
-+/* Android's OpenSSL seems to have removed all of its Engine support. */
-+#define DISABLE_ENGINES
-+#endif
-+
- #ifndef NEW_THREAD_API
- /** A number of preallocated mutexes for use by OpenSSL. */
- static tor_mutex_t **openssl_mutexes_ = NULL;
-diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h
-index 96a37721dd..eac0ec1977 100644
---- a/src/lib/crypt_ops/crypto_openssl_mgt.h
-+++ b/src/lib/crypt_ops/crypto_openssl_mgt.h
-@@ -49,11 +49,6 @@
- #define OPENSSL_V_SERIES(a,b,c) \
- OPENSSL_VER((a),(b),(c),0,0)
-
--#ifdef OPENSSL_NO_ENGINE
--/* Android's OpenSSL seems to have removed all of its Engine support. */
--#define DISABLE_ENGINES
--#endif
---
- #if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5)
- /* OpenSSL as of 1.1.0pre4 has an "new" thread API, which doesn't require
- * setting up various callbacks.
diff --git a/net-vpn/tor/files/tor.confd b/net-vpn/tor/files/tor.confd
deleted file mode 100644
index 4195bf3..0000000
--- a/net-vpn/tor/files/tor.confd
+++ /dev/null
@@ -1,3 +0,0 @@
-#
-# Set the file limit
-rc_ulimit="-n 30000"
diff --git a/net-vpn/tor/files/tor.initd-r9 b/net-vpn/tor/files/tor.initd-r9
deleted file mode 100644
index c1639c2..0000000
--- a/net-vpn/tor/files/tor.initd-r9
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-command=/usr/bin/tor
-pidfile=/run/tor/tor.pid
-command_args="--hush --runasdaemon 1 --pidfile \"${pidfile}\""
-retry=${GRACEFUL_TIMEOUT:-60}
-stopsig=INT
-command_progress=yes
-
-extra_commands="checkconfig"
-extra_started_commands="reload"
-description="Anonymizing overlay network for TCP"
-description_checkconfig="Check for valid config file"
-description_reload="Reload the configuration"
-
-checkconfig() {
- ${command} --verify-config --hush > /dev/null 2>&1
- if [ $? -ne 0 ] ; then
- eerror "Tor configuration (/etc/tor/torrc) is not valid."
- eerror "Example is in /etc/tor/torrc.sample"
- return 1
- fi
-}
-
-start_pre() {
- checkconfig || return 1
- checkpath -d -m 0755 -o tor:tor /run/tor
-}
-
-reload() {
- checkconfig || return 1
- ebegin "Reloading Tor configuration"
- start-stop-daemon -s HUP --pidfile ${pidfile}
- eend $?
-}
diff --git a/net-vpn/tor/files/tor.service b/net-vpn/tor/files/tor.service
deleted file mode 100644
index 1663824..0000000
--- a/net-vpn/tor/files/tor.service
+++ /dev/null
@@ -1,38 +0,0 @@
-# tor.service -- this systemd configuration file for Tor sets up a
-# relatively conservative, hardened Tor service. You may need to
-# edit it if you are making changes to your Tor configuration that it
-# does not allow. Package maintainers: this should be a starting point
-# for your tor.service; it is not the last point.
-
-[Unit]
-Description=Anonymizing overlay network for TCP
-After=syslog.target network.target nss-lookup.target
-
-[Service]
-Type=notify
-NotifyAccess=all
-ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
-ExecStart=/usr/bin/tor -f /etc/tor/torrc
-ExecReload=/bin/kill -HUP ${MAINPID}
-KillSignal=SIGINT
-TimeoutSec=60
-Restart=on-failure
-WatchdogSec=1m
-LimitNOFILE=32768
-
-# Hardening
-Group=tor
-RuntimeDirectory=tor
-RuntimeDirectoryMode=0770
-PrivateTmp=yes
-PrivateDevices=yes
-ProtectHome=yes
-ProtectSystem=full
-ReadOnlyDirectories=/
-ReadWriteDirectories=-/var/lib/tor
-ReadWriteDirectories=-/var/log/tor
-NoNewPrivileges=yes
-CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-vpn/tor/files/torrc-r2 b/net-vpn/tor/files/torrc-r2
deleted file mode 100644
index b308104..0000000
--- a/net-vpn/tor/files/torrc-r2
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# Minimal torrc so tor will work out of the box
-#
-User tor
-PIDFile /run/tor/tor.pid
-Log notice syslog
-DataDirectory /var/lib/tor/data
diff --git a/net-vpn/tor/metadata.xml b/net-vpn/tor/metadata.xml
deleted file mode 100644
index c5805ac..0000000
--- a/net-vpn/tor/metadata.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <maintainer type="person">
- <email>[email protected]</email>
- <name>John Helmert III</name>
- </maintainer>
- <maintainer type="person">
- <email>[email protected]</email>
- <name>Sam James</name>
- </maintainer>
- <use>
- <flag name="scrypt">Use <pkg>app-crypt/libscrypt</pkg> for the scrypt algorithm</flag>
- <flag name="server">Enable tor's relay module so it can operate as a relay/bridge/authority</flag>
- </use>
- <upstream>
- <bugs-to>https://support.torproject.org/misc/bug-or-feedback/</bugs-to>
- <changelog>https://gitlab.torproject.org/tpo/core/tor/-/raw/main/ChangeLog</changelog>
- </upstream>
-</pkgmetadata>
diff --git a/net-vpn/tor/tor-0.4.8.16.ebuild b/net-vpn/tor/tor-0.4.8.16.ebuild
deleted file mode 100644
index 9de7688..0000000
--- a/net-vpn/tor/tor-0.4.8.16.ebuild
+++ /dev/null
@@ -1,200 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{10..13} )
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/torproject.org.asc
-inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig
-
-MY_PV="$(ver_rs 4 -)"
-MY_PF="${PN}-${MY_PV}"
-DESCRIPTION="Anonymizing overlay network for TCP"
-HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/"
-
-if [[ ${PV} == 9999 ]] ; then
- EGIT_REPO_URI="https://gitlab.torproject.org/tpo/core/tor"
- inherit autotools git-r3
-else
- SRC_URI="
- https://www.torproject.org/dist/${MY_PF}.tar.gz
- https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
- verify-sig? (
- https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
- https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
- )
- "
-
- S="${WORKDIR}/${MY_PF}"
-
- if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
- KEYWORDS="amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~ppc-macos"
- fi
-
- BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )"
-fi
-
-# BSD in general, but for PoW, needs --enable-gpl (GPL-3 per --version)
-# We also already had GPL-2 listed here for the init script, but obviously
-# that's different from the actual binary.
-LICENSE="BSD GPL-2 GPL-3"
-SLOT="0"
-IUSE="caps doc hardened lzma +man scrypt seccomp selinux +server systemd test zstd"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- >=dev-libs/libevent-2.1.12-r1:=[ssl]
- dev-libs/openssl:=[-bindist(-)]
- sys-libs/zlib
- caps? ( sys-libs/libcap )
- man? ( app-text/asciidoc )
- lzma? ( app-arch/xz-utils )
- scrypt? ( app-crypt/libscrypt )
- seccomp? ( >=sys-libs/libseccomp-2.4.1 )
- systemd? ( sys-apps/systemd:= )
- zstd? ( app-arch/zstd:= )
-"
-DEPEND="
- ${RDEPEND}
- test? (
- ${DEPEND}
- ${PYTHON_DEPS}
- )
-"
-RDEPEND+="
- acct-user/tor
- acct-group/tor
- selinux? ( sec-policy/selinux-tor )
-"
-BDEPEND+="
- acct-user/tor
- acct-group/tor
-"
-
-DOCS=()
-
-PATCHES=(
- "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
- "${FILESDIR}"/${PN}-0.4.7.13-opensslconf.patch
-)
-
-QA_CONFIG_IMPL_DECL_SKIP=(
- # test correctly fails because -lnacl fails if not available
- # https://bugs.gentoo.org/900092
- crypto_scalarmult_curve25519
-)
-
-pkg_setup() {
- use test && python-any-r1_pkg_setup
-}
-
-src_unpack() {
- if [[ ${PV} == 9999 ]] ; then
- git-r3_src_unpack
- else
- if use verify-sig; then
- cd "${DISTDIR}" || die
- verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
- verify-sig_verify_unsigned_checksums \
- ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
- cd "${WORKDIR}" || die
- fi
-
- default
- fi
-}
-
-src_prepare() {
- default
-
- # Running shellcheck automagically isn't useful for ebuild testing.
- echo "exit 0" > scripts/maint/checkShellScripts.sh || die
-
- if [[ ${PV} == 9999 ]] ; then
- eautoreconf
- fi
-}
-
-src_configure() {
- use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
-
- export ac_cv_lib_cap_cap_init=$(usex caps)
- export tor_cv_PYTHON="${EPYTHON}"
-
- local myeconfargs=(
- --localstatedir="${EPREFIX}/var"
- --disable-all-bugs-are-fatal
- --enable-system-torrc
- --disable-android
- --disable-coverage
- --disable-html-manual
- --disable-libfuzzer
- --enable-missing-doc-warnings
- --disable-module-dirauth
- --enable-pic
- --disable-restart-debugging
-
- # Unless someone asks & has a compelling reason, just always
- # build in GPL mode for pow, given we don't want yet another USE
- # flag combination to have to test just for the sake of it.
- # (PoW requires GPL.)
- --enable-gpl
- --enable-module-pow
-
- $(use_enable hardened gcc-hardening)
- $(use_enable hardened linker-hardening)
- $(use_enable man asciidoc)
- $(use_enable man manpage)
- $(use_enable lzma)
- $(use_enable scrypt libscrypt)
- $(use_enable seccomp)
- $(use_enable server module-relay)
- $(use_enable systemd)
- $(use_enable test unittests)
- $(use_enable zstd)
- )
-
- econf "${myeconfargs[@]}"
-}
-
-src_test() {
- local skip_tests=(
- # Fails in sandbox
- :sandbox/open_filename
- :sandbox/openat_filename
- )
-
- if use arm ; then
- skip_tests+=(
- # bug #920905
- # https://gitlab.torproject.org/tpo/core/tor/-/issues/40912
- :sandbox/opendir_dirname
- :sandbox/openat_filename
- :sandbox/chmod_filename
- :sandbox/chown_filename
- :sandbox/rename_filename
- )
- fi
-
- # The makefile runs these by parallel by chunking them with a script
- # but that means we lose verbosity and can't skip individual tests easily
- # either.
- edo ./src/test/test --verbose "${skip_tests[@]}"
-}
-
-src_install() {
- default
- readme.gentoo_create_doc
-
- newconfd "${FILESDIR}"/tor.confd tor
- newinitd "${FILESDIR}"/tor.initd-r9 tor
- systemd_dounit "${FILESDIR}"/tor.service
-
- keepdir /var/lib/tor
-
- fperms 750 /var/lib/tor
- fowners tor:tor /var/lib/tor
-
- insinto /etc/tor/
- newins "${FILESDIR}"/torrc-r2 torrc
-}
