From 50b5be44e7319fff46d20c8fdfcbdb1b7066edcf Mon Sep 17 00:00:00 2001 From: RISCi_ATOM Date: Fri, 16 Feb 2018 12:21:02 -0500 Subject: [PATCH] Add experimental Tor support to base libreCMC Pulled in libcap and tor from upstream master. --- package/libs/libcap/Makefile | 58 +++++++ .../libs/libcap/patches/100-portability.patch | 19 +++ package/network/services/tor/Makefile | 145 ++++++++++++++++++ package/network/services/tor/files/tor.init | 26 ++++ .../services/tor/patches/001-torrc.patch | 25 +++ 5 files changed, 273 insertions(+) create mode 100644 package/libs/libcap/Makefile create mode 100644 package/libs/libcap/patches/100-portability.patch create mode 100644 package/network/services/tor/Makefile create mode 100644 package/network/services/tor/files/tor.init create mode 100644 package/network/services/tor/patches/001-torrc.patch
diff --git a/package/libs/libcap/Makefile b/package/libs/libcap/Makefile
new file mode 100644
index 0000000000..e60b8978c5
--- /dev/null
+++ b/package/libs/libcap/Makefile
@@ -0,0 +1,58 @@
+#
+# Copyright (C) 2011 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libcap
+PKG_VERSION:=2.25
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=@KERNEL/linux/libs/security/linux-privs/libcap2
+PKG_HASH:=693c8ac51e983ee678205571ef272439d83afe62dd8e424ea14ad9790bc35162
+PKG_LICENSE:=GPL-2.0
+PKG_LICENSE_FILES:=License
+PKG_MAINTAINER:=Paul Wassi
+
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+define Package/libcap
+ TITLE:=Linux capabilities library
+ SECTION:=libs
+ CATEGORY:=Libraries
+ URL:=http://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/
+endef
+
+MAKE_FLAGS += \
+ CFLAGS="$(TARGET_CFLAGS)" \
+ BUILD_CC="$(CC)" \
+ BUILD_CFLAGS="$(FPIC) -I$(PKG_BUILD_DIR)/libcap/include" \
+ CFLAGS="$(TARGET_CFLAGS)" \
+ LD="$(TARGET_CC)" \
+ LDFLAGS="$(TARGET_LDFLAGS) -shared" \
+ INDENT="| true" \
+ PAM_CAP="no" \
+ RAISE_SETFCAP="no" \
+ DYNAMIC="yes" \
+ lib="lib"
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include/sys
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
+ $(INSTALL_DIR) $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/lib/* $(1)/usr/lib/
+endef
+
+define Package/libcap/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/lib/libcap.so* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libcap))
diff --git a/package/libs/libcap/patches/100-portability.patch b/package/libs/libcap/patches/100-portability.patch
new file mode 100644
index 0000000000..735a97396b
--- /dev/null
+++ b/package/libs/libcap/patches/100-portability.patch
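Review bot: `CFLAGS="$(TARGET_CFLAGS)"` is passed twice in `MAKE_FLAGS` (first and fifth entries); the repeat reads as if one of the two was meant to be a different variable, so drop one. `BUILD_CC="$(CC)"` appears to rely on `$(CC)` resolving to the host compiler at this point, which is not obvious next to `LD="$(TARGET_CC)"`; a comment such as `# BUILD_CC compiles the host-side helper, so it must not be the target compiler` would make that explicit. The `URL` field could use `https://` instead of `http://`; the tarball itself is pinned by `PKG_HASH`, so this only affects the informational link.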
@@ -0,0 +1,19 @@
+--- a/libcap/_makenames.c
++++ b/libcap/_makenames.c
+@@ -7,7 +7,6 @@
+
+ #include
+ #include
+-#include
+
+ /*
+ * #include 'sed' generated array
+@@ -22,7 +21,7 @@ struct {
+ };
+
+ /* this should be more than big enough (factor of three at least) */
+-const char *pointers[8*sizeof(struct __user_cap_data_struct)];
++const char *pointers[8*12];
+
+ int main(void)
+ {
diff --git a/package/network/services/tor/Makefile b/package/network/services/tor/Makefile
new file mode 100644
index 0000000000..d1787dd260
--- /dev/null
+++ b/package/network/services/tor/Makefile
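Review bot: The replacement `const char *pointers[8*12];` hard-codes a magic `12` where the original derived the size from `sizeof(struct __user_cap_data_struct)`, and the embedded patch has no description header saying where the number comes from. Add a short header above its `---` line, for example `Build the _makenames helper without the capability header; 12 stands in for sizeof(struct __user_cap_data_struct)`, and confirm that value against the kernel header. If `pointers[]` is indexed by capability number, as the surrounding comment suggests, the fixed bound of 96 entries should be rechecked whenever `PKG_VERSION` is bumped. The header names on the `#include` lines are missing in this rendering, so which include is removed is inferred from context.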
@@ -0,0 +1,145 @@
+#
+# Copyright (C) 2008-2016 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=tor
+PKG_VERSION:=0.3.2.9
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://dist.torproject.org/ \
+ https://archive.torproject.org/tor-package-archive
+PKG_HASH:=435a7b91aa98d8b1a0ac1f60ca30c0ff3665b18a02e570bab5fe27935829160f
+PKG_MAINTAINER:=Hauke Mehrtens
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/tor/Default
+ SECTION:=net
+ CATEGORY:=Network
+ URL:=https://www.torproject.org/
+ USERID:=tor=52:tor=52
+endef
+
+define Package/tor/Default/description
+ Tor is a toolset for a wide range of organizations and people that want to
+ improve their safety and security on the Internet. Using Tor can help you
+ anonymize web browsing and publishing, instant messaging, IRC, SSH, and
+ more. Tor also provides a platform on which software developers can build
+ new applications with built-in anonymity, safety, and privacy features.
+endef
+
+define Package/tor
+$(call Package/tor/Default)
+ TITLE:=An anonymous Internet communication system
+ DEPENDS:=+libevent2 +libopenssl +libpthread +librt +zlib +libcap
+endef
+
+define Package/tor/description
+$(call Package/tor/Default/description)
+ This package contains the tor daemon.
+endef
+
+define Package/tor-gencert
+$(call Package/tor/Default)
+ TITLE:=Tor certificate generation
+ DEPENDS:=+tor
+endef
+
+define Package/tor-gencert/description
+$(call Package/tor/Default/description)
+ Generate certs and keys for Tor directory authorities
+endef
+
+define Package/tor-resolve
+$(call Package/tor/Default)
+ TITLE:=tor hostname resolve
+ DEPENDS:=+tor
+endef
+
+define Package/tor-resolve/description
+$(call Package/tor/Default/description)
+ Resolve a hostname to an IP address via tor
+endef
+
+define Package/tor-geoip
+$(call Package/tor/Default)
+ TITLE:=GeoIP db for tor
+ DEPENDS:=+tor
+endef
+
+define Package/tor-geoip/description
+$(call Package/tor/Default/description)
+ This package contains a GeoIP database mapping IP addresses to countries.
+endef
+
+define Package/tor/conffiles
+/etc/tor/torrc
+/var/lib/tor/fingerprint
+/var/lib/tor/keys/*
+endef
+
+CONFIGURE_ARGS += \
+ --with-libevent-dir="$(STAGING_DIR)/usr" \
+ --with-ssl-dir="$(STAGING_DIR)/usr" \
+ --with-openssl-dir="$(STAGING_DIR)/usr" \
+ --with-zlib-dir="$(STAGING_DIR)/usr" \
+ --disable-asciidoc \
+ --disable-seccomp \
+ --disable-libscrypt \
+ --disable-unittests \
+ --disable-largefile \
+ --disable-lzma \
+ --with-tor-user=tor \
+ --with-tor-group=tor
+
+EXTRA_CFLAGS += -std=gnu99
+
+ifneq ($(CONFIG_SSP_SUPPORT),y)
+ CONFIGURE_ARGS += \
+ --disable-gcc-hardening
+else
+ EXTRA_CFLAGS += -fPIC
+endif
+
+CONFIGURE_VARS += \
+ CROSS_COMPILE="yes"
+
+define Package/tor/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/tor $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/torify $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/tor.init $(1)/etc/init.d/tor
+ $(INSTALL_DIR) $(1)/etc/tor
+ $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/tor/torrc.sample $(1)/etc/tor/torrc
+endef
+
+define Package/tor-gencert/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/tor-gencert $(1)/usr/sbin/
+endef
+
+define Package/tor-resolve/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/tor-resolve $(1)/usr/sbin/
+endef
+
+define Package/tor-geoip/install
+ $(INSTALL_DIR) $(1)/usr/share/tor
+ $(CP) $(PKG_INSTALL_DIR)/usr/share/tor/geoip $(1)/usr/share/tor/
+ $(CP) $(PKG_INSTALL_DIR)/usr/share/tor/geoip6 $(1)/usr/share/tor/
+endef
+
+$(eval $(call BuildPackage,tor))
+$(eval $(call BuildPackage,tor-gencert))
+$(eval $(call BuildPackage,tor-resolve))
+$(eval $(call BuildPackage,tor-geoip))
diff --git a/package/network/services/tor/files/tor.init b/package/network/services/tor/files/tor.init
new file mode 100644
index 0000000000..6974057d45
--- /dev/null
+++ b/package/network/services/tor/files/tor.init
@@ -0,0 +1,26 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006-2011 OpenWrt.org
+
+START=50
+STOP=50
+
+USE_PROCD=1
+
+start_service() {
+ [ -f /var/run/tor.pid ] || {
+ touch /var/run/tor.pid
+ chown tor:tor /var/run/tor.pid
+ }
+ [ -d /var/lib/tor ] || {
+ mkdir -m 0755 -p /var/lib/tor
+ chmod 0700 /var/lib/tor
+ chown tor:tor /var/lib/tor
+ }
+ [ -d /var/log/tor ] || {
+ mkdir -m 0755 -p /var/log/tor
+ chown tor:tor /var/log/tor
+ }
+ procd_open_instance
+ procd_set_param command /usr/sbin/tor --runasdaemon 0
+ procd_close_instance
+}
diff --git a/package/network/services/tor/patches/001-torrc.patch b/package/network/services/tor/patches/001-torrc.patch
new file mode 100644
index 0000000000..78d4ee978d
--- /dev/null
+++ b/package/network/services/tor/patches/001-torrc.patch
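Review bot: `--disable-seccomp` is passed unconditionally in `CONFIGURE_ARGS`, and `--disable-gcc-hardening` is added whenever `CONFIG_SSP_SUPPORT` is not `y`, so the daemon can be built with neither Tor's syscall sandbox nor its compiler hardening, and nothing in the Makefile says why. For a network-facing daemon each switch should carry a comment naming the constraint, e.g. `# seccomp sandbox disabled: REASON (placeholder, e.g. dependency not packaged)` and `# toolchain without SSP cannot take tor's hardening flags`, so they are revisited when the constraint goes away. `PKG_LICENSE_FILES:=LICENSE` is also set without a matching `PKG_LICENSE`, unlike the libcap Makefile in the same commit.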
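Review bot: Ownership and mode are applied only inside the `|| { … }` create branches of `start_service`, so a `/var/lib/tor`, `/var/log/tor` or `/var/run/tor.pid` that already exists is accepted with whatever owner and permissions it has. The data directory is also created `0755` and only tightened afterwards; creating it restrictive and enforcing the state on every start closes both gaps: `mkdir -m 0700 -p /var/lib/tor`, then `chown tor:tor /var/lib/tor` and `chmod 0700 /var/lib/tor` outside the existence test. The same unconditional `chown` applies to the log directory and the pid file. The instance sets no `procd_set_param respawn`, so a crashed daemon stays down until restarted by hand; if that is intended, a comment should say so.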
@@ -0,0 +1,25 @@
+--- a/src/config/torrc.sample.in
++++ b/src/config/torrc.sample.in
+@@ -39,7 +39,7 @@
+ ## Send every possible message to @LOCALSTATEDIR@/log/tor/debug.log
+ #Log debug file @LOCALSTATEDIR@/log/tor/debug.log
+ ## Use the system log instead of Tor's logfiles
+-#Log notice syslog
++Log notice syslog
+ ## To send all messages to stderr:
+ #Log debug stderr
+
+@@ -50,7 +50,7 @@
+
+ ## The directory for keeping all the keys/etc. By default, we store
+ ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+-#DataDirectory @LOCALSTATEDIR@/lib/tor
++DataDirectory @LOCALSTATEDIR@/lib/tor
+
+ ## The port on which Tor will listen for local connections from Tor
+ ## controller applications, as documented in control-spec.txt.
+@@ -227,3 +227,4 @@
+ #%include /etc/torrc.d/
+ #%include /etc/torrc.custom
+
++User tor
-- 2.25.1
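Review bot: `DataDirectory @LOCALSTATEDIR@/lib/tor` is enabled without any note on whether that path survives a reboot on the target. If `/var` is volatile there (common on OpenWrt-derived images, but not visible in this commit), Tor's state file and keys are recreated on every boot, so a client selects fresh entry guards each time and any relay or onion-service identity is lost; the `conffiles` entries for `/var/lib/tor/keys/*` in the tor Makefile would likely not help in that case. Either point `DataDirectory` at persistent storage or add a line to the sample such as `## NOTE: keep this directory on persistent storage to retain guard state and keys`. The appended `User tor` means the daemon has to be started as root and drops privileges itself, which matches how the init script launches it.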