summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2023-09-19 10:18:21 +0100
committerSam James <sam@gentoo.org>2023-09-19 10:18:21 +0100
commit2c24abe3c96312a18be71666f9fb6b3bbb986514 (patch)
tree974e791952b254ac1ae65294c5d3d621fe2b8e9d /net-vpn
parentsys-devel/clang-common: adapt to 17 final (hardened mode); disable F_S for fr... (diff)
downloadgentoo-2c24abe3c96312a18be71666f9fb6b3bbb986514.tar.gz
gentoo-2c24abe3c96312a18be71666f9fb6b3bbb986514.tar.bz2
gentoo-2c24abe3c96312a18be71666f9fb6b3bbb986514.zip
net-vpn/tor: add 0.4.8.6
Drop setting --disable-zstd-advanced-apis per https://gitlab.torproject.org/tpo/core/tor/-/issues/40815 as it's been downgraded to a far less scary message. Bug: https://gitlab.torproject.org/tpo/core/tor/-/issues/40815 Closes: https://bugs.gentoo.org/727406 Closes: https://bugs.gentoo.org/905708 Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-vpn')
-rw-r--r--net-vpn/tor/Manifest3
-rw-r--r--net-vpn/tor/tor-0.4.8.6.ebuild177
-rw-r--r--net-vpn/tor/tor-9999.ebuild10
3 files changed, 181 insertions, 9 deletions
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
index b419a4dd5a81..0f8a142ca161 100644
--- a/net-vpn/tor/Manifest
+++ b/net-vpn/tor/Manifest
@@ -10,3 +10,6 @@ DIST tor-0.4.8.4.tar.gz.sha256sum.asc 1321 BLAKE2B 6771028385a9d13ff00314ac98b6b
DIST tor-0.4.8.5.tar.gz 8237202 BLAKE2B 71a4807284ecefc4a18d6bc15ce798844304f860338b786590779fb171f851d630e8af3114dbc84fe854561e0085dcb147b4dd87787988a8fb6c3628bfcc8175 SHA512 37be85e4e707682c5234ec471cb18775b3681eae2293df9c1d1192157147e4f3a08f00c33b2fc9574bbfc4f8d3fa3f4063413bbfbc536832df4a258076632be1
DIST tor-0.4.8.5.tar.gz.sha256sum 85 BLAKE2B eddb6cf660e9e5b0eef20477d4536a0063bf8dcd0da75238514e620a9f6046431d656d4492f3765f14ff99175525dc4ae5c66f7f5ed0e1f7efe69e8f3b2a9583 SHA512 bda3ebb7ae915519e3ef4f3465045abb14e1cc3322ce2c9813c1189bcc33ef45f9aeecfd59bfb13cbb07e5dfd56fc7794f6fcaf18b752c8207d0e70934cc1e11
DIST tor-0.4.8.5.tar.gz.sha256sum.asc 716 BLAKE2B 5748744112694c1d7cd2b6e622f9469308595422cd44a1142985880e32b3a5cadfe7410b2c1b5bc59a001fb3d086246a76074314b53eb0ae38e37ea4736f66c5 SHA512 55cf2c7fc92d33afc4f569a0c27fb187d757d441b706e2562a3da6eb6032498e24450199927bcddcfaa697f7e2273dd2f4a047ef35ea3e53287ae4208432bdf9
+DIST tor-0.4.8.6.tar.gz 8246788 BLAKE2B e26b802d42be24361362bd74dd24b54a336516b58cd717c08864c9a5db54bb591849145156693f4968a8b671be23421d957cd814834a2605b8ae8e46b3264eb4 SHA512 dcaed1ce0df62b02fd3feb991c890d36ca89b7ab66301b170d1ffc6ae7835102c11266a674434b8a75d235777da67c9acb1c1127f27fd8a1b3890b0256750ba0
+DIST tor-0.4.8.6.tar.gz.sha256sum 85 BLAKE2B 0baac2f492c9046273a18161e3d2f102c2d94764cb3a57d6c8ed78562fe33a411e869cb631526ffa13f33fe74d15d835c636f9836f7cc210df8eca74384e1905 SHA512 68a15a12ae75d9cdf2c05431af5d9801510e64da59600b874e0e64fe405e0c986427892800d234affcd7978d5c8ab6bdad73de59d456eb15c776669951e2cf59
+DIST tor-0.4.8.6.tar.gz.sha256sum.asc 716 BLAKE2B 9a26c070f23d3e89467105ed195bc7cbe9fd7e2b55961066905312bd620dae509c1900ef8f7a04154739442a6430393151ef034214211feec8e50c7ab5754ae1 SHA512 65e96f899e20c0619944044438564398a8d17157206a5406b3c41776950d062f34ab98df45bbfcda48a86489945fb5077d16a97f815ff1b9892df252af8b5431
diff --git a/net-vpn/tor/tor-0.4.8.6.ebuild b/net-vpn/tor/tor-0.4.8.6.ebuild
new file mode 100644
index 000000000000..558f330e7a58
--- /dev/null
+++ b/net-vpn/tor/tor-0.4.8.6.ebuild
@@ -0,0 +1,177 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/torproject.org.asc
+inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig
+
+MY_PV="$(ver_rs 4 -)"
+MY_PF="${PN}-${MY_PV}"
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/"
+
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://gitlab.torproject.org/tpo/core/tor"
+ inherit autotools git-r3
+else
+ SRC_URI="
+ https://www.torproject.org/dist/${MY_PF}.tar.gz
+ https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
+ verify-sig? (
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
+ )
+ "
+
+ S="${WORKDIR}/${MY_PF}"
+
+ if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~ppc-macos"
+ fi
+
+ BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )"
+fi
+
+# BSD in general, but for PoW, needs --enable-gpl (GPL-3 per --version)
+# We also already had GPL-2 listed here for the init script, but obviously
+# that's different from the actual binary.
+LICENSE="BSD GPL-2 GPL-3"
+SLOT="0"
+IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ >=dev-libs/libevent-2.1.12-r1:=[ssl]
+ sys-libs/zlib
+ caps? ( sys-libs/libcap )
+ man? ( app-text/asciidoc )
+ dev-libs/openssl:=[-bindist(-)]
+ lzma? ( app-arch/xz-utils )
+ scrypt? ( app-crypt/libscrypt )
+ seccomp? ( >=sys-libs/libseccomp-2.4.1 )
+ systemd? ( sys-apps/systemd )
+ zstd? ( app-arch/zstd:= )
+"
+RDEPEND="
+ acct-user/tor
+ acct-group/tor
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-tor )
+"
+DEPEND+="
+ test? (
+ ${DEPEND}
+ ${PYTHON_DEPS}
+ )
+"
+
+DOCS=()
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+)
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+ if [[ ${PV} == 9999 ]] ; then
+ git-r3_src_unpack
+ else
+ if use verify-sig; then
+ cd "${DISTDIR}" || die
+ verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
+ verify-sig_verify_unsigned_checksums \
+ ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
+ cd "${WORKDIR}" || die
+ fi
+
+ default
+ fi
+}
+
+src_prepare() {
+ default
+
+ # Running shellcheck automagically isn't useful for ebuild testing.
+ echo "exit 0" > scripts/maint/checkShellScripts.sh || die
+
+ if [[ ${PV} == 9999 ]] ; then
+ eautoreconf
+ fi
+}
+
+src_configure() {
+ use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
+
+ export ac_cv_lib_cap_cap_init=$(usex caps)
+ export tor_cv_PYTHON="${EPYTHON}"
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}/var"
+ --disable-all-bugs-are-fatal
+ --enable-system-torrc
+ --disable-android
+ --disable-coverage
+ --disable-html-manual
+ --disable-libfuzzer
+ --enable-missing-doc-warnings
+ --disable-module-dirauth
+ --enable-pic
+ --disable-restart-debugging
+
+ # Unless someone asks & has a compelling reason, just always
+ # build in GPL mode for pow, given we don't want yet another USE
+ # flag combination to have to test just for the sake of it.
+ # (PoW requires GPL.)
+ --enable-gpl
+ --enable-module-pow
+
+ $(use_enable man asciidoc)
+ $(use_enable man manpage)
+ $(use_enable lzma)
+ $(use_enable scrypt libscrypt)
+ $(use_enable seccomp)
+ $(use_enable server module-relay)
+ $(use_enable systemd)
+ $(use_enable tor-hardening gcc-hardening)
+ $(use_enable tor-hardening linker-hardening)
+ $(use_enable test unittests)
+ $(use_enable zstd)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ local skip_tests=(
+ # Fails in sandbox
+ :sandbox/open_filename
+ :sandbox/openat_filename
+ )
+
+ # The makefile runs these by parallel by chunking them with a script
+ # but that means we lose verbosity and can't skip individual tests easily
+ # either.
+ edo ./src/test/test --verbose "${skip_tests[@]}"
+}
+
+src_install() {
+ default
+ readme.gentoo_create_doc
+
+ newconfd "${FILESDIR}"/tor.confd tor
+ newinitd "${FILESDIR}"/tor.initd-r9 tor
+ systemd_dounit "${FILESDIR}"/tor.service
+
+ keepdir /var/lib/tor
+
+ fperms 750 /var/lib/tor
+ fowners tor:tor /var/lib/tor
+
+ insinto /etc/tor/
+ newins "${FILESDIR}"/torrc-r2 torrc
+}
diff --git a/net-vpn/tor/tor-9999.ebuild b/net-vpn/tor/tor-9999.ebuild
index 8c577a42be89..558f330e7a58 100644
--- a/net-vpn/tor/tor-9999.ebuild
+++ b/net-vpn/tor/tor-9999.ebuild
@@ -52,7 +52,7 @@ DEPEND="
scrypt? ( app-crypt/libscrypt )
seccomp? ( >=sys-libs/libseccomp-2.4.1 )
systemd? ( sys-apps/systemd )
- zstd? ( app-arch/zstd )
+ zstd? ( app-arch/zstd:= )
"
RDEPEND="
acct-user/tor
@@ -130,14 +130,6 @@ src_configure() {
--enable-gpl
--enable-module-pow
- # This option is enabled by default upstream w/ zstd, surprisingly.
- # zstd upstream says this shouldn't be relied upon and it may
- # break API & ABI at any point, so Tor tries to fake static-linking
- # to make it work, but then requires a rebuild on any new zstd version
- # even when its standard ABI hasn't changed.
- # See bug #727406 and bug #905708.
- --disable-zstd-advanced-apis
-
$(use_enable man asciidoc)
$(use_enable man manpage)
$(use_enable lzma)