diff options
author | Sam James <sam@gentoo.org> | 2023-09-19 10:18:21 +0100 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2023-09-19 10:18:21 +0100 |
commit | 2c24abe3c96312a18be71666f9fb6b3bbb986514 (patch) | |
tree | 974e791952b254ac1ae65294c5d3d621fe2b8e9d /net-vpn | |
parent | sys-devel/clang-common: adapt to 17 final (hardened mode); disable F_S for fr... (diff) | |
download | gentoo-2c24abe3c96312a18be71666f9fb6b3bbb986514.tar.gz gentoo-2c24abe3c96312a18be71666f9fb6b3bbb986514.tar.bz2 gentoo-2c24abe3c96312a18be71666f9fb6b3bbb986514.zip |
net-vpn/tor: add 0.4.8.6
Drop setting --disable-zstd-advanced-apis per https://gitlab.torproject.org/tpo/core/tor/-/issues/40815
as it's been downgraded to a far less scary message.
Bug: https://gitlab.torproject.org/tpo/core/tor/-/issues/40815
Closes: https://bugs.gentoo.org/727406
Closes: https://bugs.gentoo.org/905708
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-vpn')
-rw-r--r-- | net-vpn/tor/Manifest | 3 | ||||
-rw-r--r-- | net-vpn/tor/tor-0.4.8.6.ebuild | 177 | ||||
-rw-r--r-- | net-vpn/tor/tor-9999.ebuild | 10 |
3 files changed, 181 insertions, 9 deletions
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest index b419a4dd5a81..0f8a142ca161 100644 --- a/net-vpn/tor/Manifest +++ b/net-vpn/tor/Manifest @@ -10,3 +10,6 @@ DIST tor-0.4.8.4.tar.gz.sha256sum.asc 1321 BLAKE2B 6771028385a9d13ff00314ac98b6b DIST tor-0.4.8.5.tar.gz 8237202 BLAKE2B 71a4807284ecefc4a18d6bc15ce798844304f860338b786590779fb171f851d630e8af3114dbc84fe854561e0085dcb147b4dd87787988a8fb6c3628bfcc8175 SHA512 37be85e4e707682c5234ec471cb18775b3681eae2293df9c1d1192157147e4f3a08f00c33b2fc9574bbfc4f8d3fa3f4063413bbfbc536832df4a258076632be1 DIST tor-0.4.8.5.tar.gz.sha256sum 85 BLAKE2B eddb6cf660e9e5b0eef20477d4536a0063bf8dcd0da75238514e620a9f6046431d656d4492f3765f14ff99175525dc4ae5c66f7f5ed0e1f7efe69e8f3b2a9583 SHA512 bda3ebb7ae915519e3ef4f3465045abb14e1cc3322ce2c9813c1189bcc33ef45f9aeecfd59bfb13cbb07e5dfd56fc7794f6fcaf18b752c8207d0e70934cc1e11 DIST tor-0.4.8.5.tar.gz.sha256sum.asc 716 BLAKE2B 5748744112694c1d7cd2b6e622f9469308595422cd44a1142985880e32b3a5cadfe7410b2c1b5bc59a001fb3d086246a76074314b53eb0ae38e37ea4736f66c5 SHA512 55cf2c7fc92d33afc4f569a0c27fb187d757d441b706e2562a3da6eb6032498e24450199927bcddcfaa697f7e2273dd2f4a047ef35ea3e53287ae4208432bdf9 +DIST tor-0.4.8.6.tar.gz 8246788 BLAKE2B e26b802d42be24361362bd74dd24b54a336516b58cd717c08864c9a5db54bb591849145156693f4968a8b671be23421d957cd814834a2605b8ae8e46b3264eb4 SHA512 dcaed1ce0df62b02fd3feb991c890d36ca89b7ab66301b170d1ffc6ae7835102c11266a674434b8a75d235777da67c9acb1c1127f27fd8a1b3890b0256750ba0 +DIST tor-0.4.8.6.tar.gz.sha256sum 85 BLAKE2B 0baac2f492c9046273a18161e3d2f102c2d94764cb3a57d6c8ed78562fe33a411e869cb631526ffa13f33fe74d15d835c636f9836f7cc210df8eca74384e1905 SHA512 68a15a12ae75d9cdf2c05431af5d9801510e64da59600b874e0e64fe405e0c986427892800d234affcd7978d5c8ab6bdad73de59d456eb15c776669951e2cf59 +DIST tor-0.4.8.6.tar.gz.sha256sum.asc 716 BLAKE2B 9a26c070f23d3e89467105ed195bc7cbe9fd7e2b55961066905312bd620dae509c1900ef8f7a04154739442a6430393151ef034214211feec8e50c7ab5754ae1 SHA512 65e96f899e20c0619944044438564398a8d17157206a5406b3c41776950d062f34ab98df45bbfcda48a86489945fb5077d16a97f815ff1b9892df252af8b5431 diff --git a/net-vpn/tor/tor-0.4.8.6.ebuild b/net-vpn/tor/tor-0.4.8.6.ebuild new file mode 100644 index 000000000000..558f330e7a58 --- /dev/null +++ b/net-vpn/tor/tor-0.4.8.6.ebuild @@ -0,0 +1,177 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/torproject.org.asc +inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig + +MY_PV="$(ver_rs 4 -)" +MY_PF="${PN}-${MY_PV}" +DESCRIPTION="Anonymizing overlay network for TCP" +HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/" + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://gitlab.torproject.org/tpo/core/tor" + inherit autotools git-r3 +else + SRC_URI=" + https://www.torproject.org/dist/${MY_PF}.tar.gz + https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz + verify-sig? ( + https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum + https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc + ) + " + + S="${WORKDIR}/${MY_PF}" + + if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~ppc-macos" + fi + + BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )" +fi + +# BSD in general, but for PoW, needs --enable-gpl (GPL-3 per --version) +# We also already had GPL-2 listed here for the init script, but obviously +# that's different from the actual binary. +LICENSE="BSD GPL-2 GPL-3" +SLOT="0" +IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd" +RESTRICT="!test? ( test )" + +DEPEND=" + >=dev-libs/libevent-2.1.12-r1:=[ssl] + sys-libs/zlib + caps? ( sys-libs/libcap ) + man? ( app-text/asciidoc ) + dev-libs/openssl:=[-bindist(-)] + lzma? ( app-arch/xz-utils ) + scrypt? ( app-crypt/libscrypt ) + seccomp? ( >=sys-libs/libseccomp-2.4.1 ) + systemd? ( sys-apps/systemd ) + zstd? ( app-arch/zstd:= ) +" +RDEPEND=" + acct-user/tor + acct-group/tor + ${DEPEND} + selinux? ( sec-policy/selinux-tor ) +" +DEPEND+=" + test? ( + ${DEPEND} + ${PYTHON_DEPS} + ) +" + +DOCS=() + +PATCHES=( + "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch +) + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_unpack() { + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + else + if use verify-sig; then + cd "${DISTDIR}" || die + verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc} + verify-sig_verify_unsigned_checksums \ + ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz + cd "${WORKDIR}" || die + fi + + default + fi +} + +src_prepare() { + default + + # Running shellcheck automagically isn't useful for ebuild testing. + echo "exit 0" > scripts/maint/checkShellScripts.sh || die + + if [[ ${PV} == 9999 ]] ; then + eautoreconf + fi +} + +src_configure() { + use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING ) + + export ac_cv_lib_cap_cap_init=$(usex caps) + export tor_cv_PYTHON="${EPYTHON}" + + local myeconfargs=( + --localstatedir="${EPREFIX}/var" + --disable-all-bugs-are-fatal + --enable-system-torrc + --disable-android + --disable-coverage + --disable-html-manual + --disable-libfuzzer + --enable-missing-doc-warnings + --disable-module-dirauth + --enable-pic + --disable-restart-debugging + + # Unless someone asks & has a compelling reason, just always + # build in GPL mode for pow, given we don't want yet another USE + # flag combination to have to test just for the sake of it. + # (PoW requires GPL.) + --enable-gpl + --enable-module-pow + + $(use_enable man asciidoc) + $(use_enable man manpage) + $(use_enable lzma) + $(use_enable scrypt libscrypt) + $(use_enable seccomp) + $(use_enable server module-relay) + $(use_enable systemd) + $(use_enable tor-hardening gcc-hardening) + $(use_enable tor-hardening linker-hardening) + $(use_enable test unittests) + $(use_enable zstd) + ) + + econf "${myeconfargs[@]}" +} + +src_test() { + local skip_tests=( + # Fails in sandbox + :sandbox/open_filename + :sandbox/openat_filename + ) + + # The makefile runs these by parallel by chunking them with a script + # but that means we lose verbosity and can't skip individual tests easily + # either. + edo ./src/test/test --verbose "${skip_tests[@]}" +} + +src_install() { + default + readme.gentoo_create_doc + + newconfd "${FILESDIR}"/tor.confd tor + newinitd "${FILESDIR}"/tor.initd-r9 tor + systemd_dounit "${FILESDIR}"/tor.service + + keepdir /var/lib/tor + + fperms 750 /var/lib/tor + fowners tor:tor /var/lib/tor + + insinto /etc/tor/ + newins "${FILESDIR}"/torrc-r2 torrc +} diff --git a/net-vpn/tor/tor-9999.ebuild b/net-vpn/tor/tor-9999.ebuild index 8c577a42be89..558f330e7a58 100644 --- a/net-vpn/tor/tor-9999.ebuild +++ b/net-vpn/tor/tor-9999.ebuild @@ -52,7 +52,7 @@ DEPEND=" scrypt? ( app-crypt/libscrypt ) seccomp? ( >=sys-libs/libseccomp-2.4.1 ) systemd? ( sys-apps/systemd ) - zstd? ( app-arch/zstd ) + zstd? ( app-arch/zstd:= ) " RDEPEND=" acct-user/tor @@ -130,14 +130,6 @@ src_configure() { --enable-gpl --enable-module-pow - # This option is enabled by default upstream w/ zstd, surprisingly. - # zstd upstream says this shouldn't be relied upon and it may - # break API & ABI at any point, so Tor tries to fake static-linking - # to make it work, but then requires a rebuild on any new zstd version - # even when its standard ABI hasn't changed. - # See bug #727406 and bug #905708. - --disable-zstd-advanced-apis - $(use_enable man asciidoc) $(use_enable man manpage) $(use_enable lzma) |