kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/security/tor/files/tor.in
Yuri Victorovich 5c3a344f6e security/tor: Update to 0.3.2.10 
Backport of countermeasures to mitigate denial-of-service
attacks against the Tor network.

Changelog is in:
https://gitweb.torproject.org/tor.git/tree/ChangeLog

None of these fixes appear to be essential for clients, but relays
should upgrade.

Port changes:
* Changed the implementation of 'tor_setuid': now it is done through
  the command line argument, instead of the torrc file.

Reported by:	Nick Mathewson <nickm@torproject.org> (notification)
Approved by:	tcberner (mentor, implicit)
2018-03-03 16:00:48 +00:00

132 lines
4 KiB
Bash
Raw Blame History

#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: tor
# REQUIRE: DAEMON FILESYSTEMS
# BEFORE: LOGIN
#
# Add the following lines to /etc/rc.conf to enable tor.
# All these options will overide any settings in your local torrc as
# they are command line options.
#
# tor_enable (bool): Set it to "YES" to enable tor. Default: NO
# tor_instances (str): List of instances. Default: ""
# tor_conf (str): Points to your torrc file.
# Default: %%PREFIX%%/etc/tor/torrc
# tor_user (str): Tor daemon user. Default: %%USER%%
# tor_group (str): Tor group. Default: %%GROUP%%
# tor_pidfile (str): Tor pid file. Default: /var/run/tor/tor.pid
# tor_datadir (str): Tor datadir. Default: /var/db/tor
# tor_disable_default_instance (str): Doesn't run the default instance.
# Only valid when tor_instances is used.
# Default: NO
# tor_setuid (str): Runtime setuid. Default: NO
#
# The instance definition that tor_instances expects:
# inst_name{:inst_conf:inst_user:inst_group:inst_pidfile:inst_data_dir}
#
. /etc/rc.subr
name="tor"
rcvar=tor_enable
exit_code=0
load_rc_config ${name}
: ${tor_enable="NO"}
: ${tor_instances=""}
: ${tor_conf="%%PREFIX%%/etc/tor/torrc"}
: ${tor_user="%%USER%%"}
: ${tor_group="%%GROUP%%"}
: ${tor_pidfile="/var/run/tor/tor.pid"}
: ${tor_datadir="/var/db/tor"}
: ${tor_disable_default_instance="NO"}
: ${tor_setuid="NO"}
instance=${slave_instance}
if [ -n "${instance}" ]; then
inst_def=${instance}
inst_name=${inst_def%%:*}
[ "${inst_name}" != "main" ] || err 1 "${name} instance can't be named 'main'"
inst_def=${inst_def#$inst_name}
if [ -n "$inst_def" ]; then
# extended instance: parameters are set explicitly
inst_def=${inst_def#:}
tor_conf=${inst_def%%:*}
inst_def=${inst_def#$tor_conf:}
tor_user=${inst_def%%:*}
inst_def=${inst_def#$tor_user:}
tor_group=${inst_def%%:*}
inst_def=${inst_def#$tor_group:}
tor_pidfile=${inst_def%%:*}
tor_datadir=${inst_def#$tor_pidfile:}
if [ -z "${tor_conf}" -o -z "${tor_user}" -o -z "${tor_group}" -o -z "${tor_pidfile}" -o -z "${tor_datadir}" ]; then
warn "invalid tor instance ${inst_name} settings: ${instance}"
exit 1
fi
else
# regular instance: default parameters are used
tor_conf=${tor_conf}@${inst_name}
tor_pidfile=${tor_pidfile}@${inst_name}
tor_datadir=${tor_datadir}/instance@${inst_name}
fi
if ! [ -r ${tor_conf} ]; then
warn "tor instance ${inst_name} config file ${tor_conf} doesn't exist or isn't readable"
warn "you can copy the sample config %%PREFIX%%/etc/tor/torrc.sample and modify it"
exit 1
fi
if ! [ -d ${tor_datadir} ]; then
mkdir -p ${tor_datadir} &&
chown ${tor_user}:${tor_group} ${tor_datadir} &&
chmod 0700 ${tor_datadir} &&
echo "${name}: created the instance data directory ${tor_datadir}"
fi
fi
if [ -z "${instance}" -a -n "${tor_instances}" ]; then
inst_only="$2"
inst_done=0
for i in ${tor_instances}; do
inst_name=${i%%:*}
if [ -z "${inst_only}" -o "${inst_name}" = "${inst_only}" ]; then
echo -n "${name} instance ${inst_name}: "
if ! slave_instance=${i} %%PREFIX%%/etc/rc.d/tor "$1"; then
exit_code=1
fi
inst_done=$((inst_done+1))
fi
done
if [ -z "${inst_only}" -o "${inst_only}" = "main" ]; then
checkyesno tor_disable_default_instance && return $exit_code
echo -n "${name} main instance: "
elif [ -n "${inst_only}" ]; then
[ $inst_done -gt 0 ] || err 1 "${name} instance '$inst_only' isn't defined"
return $exit_code
fi
fi
required_files=${tor_conf}
required_dirs=${tor_datadir}
pidfile=${tor_pidfile}
command="%%PREFIX%%/bin/${name}"
command_args="-f ${tor_conf} --PidFile ${tor_pidfile} --RunAsDaemon 1 --DataDirectory ${tor_datadir}"
extra_commands="reload"
# clear user setting in conf file: it should be done through the command line
if grep -q "^User ${tor_user}$" ${tor_conf}; then
sed -i '' -e "s/^User ${tor_user}$//" ${tor_conf}
fi
if [ $tor_setuid = "YES" ]; then
command_args="${command_args} --User ${tor_user}"
tor_user="root"
tor_group="wheel"
fi
if ! run_rc_command "$1"; then
exit_code=1
fi
return $exit_code
Reference in a new issue View git blame Copy permalink