diff --git a/openwrt/package/Config.in b/openwrt/package/Config.in index 4ec366499..690622731 100644 --- a/openwrt/package/Config.in +++ b/openwrt/package/Config.in @@ -67,6 +67,7 @@ source "package/sipsak/Config.in" source "package/snort/Config.in" source "package/tcpdump/Config.in" source "package/tinc/Config.in" +source "package/tor/Config.in" source "package/ttcp/Config.in" source "package/ulogd/Config.in" source "package/vsftpd/Config.in" diff --git a/openwrt/package/Makefile b/openwrt/package/Makefile index 0d88ed7bd..d595cd756 100644 --- a/openwrt/package/Makefile +++ b/openwrt/package/Makefile @@ -88,6 +88,7 @@ package-$(BR2_PACKAGE_SPEEX) += speex package-$(BR2_PACKAGE_STRACE) += strace package-$(BR2_PACKAGE_TCPDUMP) += tcpdump package-$(BR2_PACKAGE_TINC) += tinc +package-$(BR2_PACKAGE_TOR) += tor package-$(BR2_PACKAGE_TTCP) += ttcp package-$(BR2_PACKAGE_UCLIBCXX) += uclibc++ package-$(BR2_PACKAGE_ULOGD) += ulogd @@ -135,6 +136,7 @@ siproxd-compile: libosip2-compile sipsak-compile: openssl-compile tcpdump-compile: libpcap-compile tinc-compile: zlib-compile openssl-compile lzo-compile +tor-compile: libevent-compile openssl-compile zlib-compile wpa_supplicant-compile: openssl-compile asterisk-compile: openssl-compile diff --git a/openwrt/package/tor/Config.in b/openwrt/package/tor/Config.in new file mode 100644 index 000000000..ac53567d3 --- /dev/null +++ b/openwrt/package/tor/Config.in @@ -0,0 +1,18 @@ +config BR2_PACKAGE_TOR + tristate "tor - An anonymous Internet communication system" +# default m if CONFIG_DEVEL + default n + select BR2_PACKAGE_LIBEVENT + select BR2_PACKAGE_LIBOPENSSL + select BR2_PACKAGE_LIBPTHREAD + select BR2_PACKAGE_ZLIB + help + Tor is a toolset for a wide range of organizations and people that want + to improve their safety and security on the Internet. Using Tor can + help you anonymize web browsing and publishing, instant messaging, + IRC, SSH, and more. Tor also provides a platform on which software + developers can build new applications with built-in anonymity, safety, + and privacy features. + + http://tor.eff.org/ + diff --git a/openwrt/package/tor/Makefile b/openwrt/package/tor/Makefile new file mode 100644 index 000000000..e037da533 --- /dev/null +++ b/openwrt/package/tor/Makefile @@ -0,0 +1,75 @@ +# $Id$ + +include $(TOPDIR)/rules.mk + +PKG_NAME:=tor +PKG_VERSION:=0.1.0.8rc +PKG_RELEASE:=1 +PKG_UPSTREAM_VERSION=0.1.0.8-rc +PKG_MD5SUM:=22f5c162e1c09f8693a21826f6a9999f + +PKG_SOURCE_URL:=http://tor.eff.org/dist/ +PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.gz +PKG_CAT:=zcat + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_UPSTREAM_VERSION) +PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install + +include $(TOPDIR)/package/rules.mk + +$(eval $(call PKG_template,TOR,tor,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) + +$(PKG_BUILD_DIR)/.configured: + (cd $(PKG_BUILD_DIR); rm -rf config.{cache,status} ; \ + $(TARGET_CONFIGURE_OPTS) \ + CFLAGS="$(TARGET_CFLAGS)" \ + CPPFLAGS="-I$(STAGING_DIR)/usr/include" \ + LDFLAGS="-L$(STAGING_DIR)/usr/lib" \ + ac_cv_libevent_normal=yes \ + ac_cv_openssldir="$(STAGING_DIR)/usr" \ + tor_cv_null_is_zero=yes \ + tor_cv_unaligned_ok=yes \ + ./configure \ + --target=$(GNU_TARGET_NAME) \ + --host=$(GNU_TARGET_NAME) \ + --build=$(GNU_HOST_NAME) \ + --program-prefix="" \ + --program-suffix="" \ + --prefix=/usr \ + --exec-prefix=/usr \ + --bindir=/usr/sbin \ + --datadir=/usr/share \ + --includedir=/usr/include \ + --infodir=/usr/share/info \ + --libdir=/usr/lib \ + --libexecdir=/usr/lib \ + --localstatedir=/var \ + --mandir=/usr/share/man \ + --sbindir=/usr/sbin \ + --sysconfdir=/etc \ + $(DISABLE_LARGEFILE) \ + $(DISABLE_NLS) \ + --enable-shared \ + --disable-static \ + ); + touch $@ + +$(PKG_BUILD_DIR)/.built: + rm -rf $(PKG_INSTALL_DIR) + mkdir -p $(PKG_INSTALL_DIR) + $(MAKE) -C $(PKG_BUILD_DIR) \ + CFLAGS="$(TARGET_CFLAGS) -Wall" \ + DESTDIR="$(PKG_INSTALL_DIR)" \ + all install + touch $@ + +$(IPKG_TOR): + install -d -m0755 $(IDIR_TOR)/etc/init.d + install -m0755 ./files/tor.init $(IDIR_TOR)/etc/init.d/tor + install -d -m0755 $(IDIR_TOR)/etc/tor + install -m0644 ./files/torrc $(IDIR_TOR)/etc/tor/torrc + install -d -m0755 $(IDIR_TOR)/usr/sbin + cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/tor $(IDIR_TOR)/usr/sbin/ + $(RSTRIP) $(IDIR_TOR) + $(IPKG_BUILD) $(IDIR_TOR) $(PACKAGE_DIR) + diff --git a/openwrt/package/tor/files/tor.init b/openwrt/package/tor/files/tor.init new file mode 100644 index 000000000..8eb2db49f --- /dev/null +++ b/openwrt/package/tor/files/tor.init @@ -0,0 +1,24 @@ +#!/bin/sh + +BIN=tor +DEFAULT=/etc/default/$BIN +LOG_D=/var/log/$BIN +RUN_D=/var/run +PID_F=$RUN_D/$BIN.pid +[ -f $DEFAULT ] && . $DEFAULT + +case $1 in + start) + mkdir -p $LOG_D + mkdir -p $RUN_D + $BIN $OPTIONS + ;; + stop) + [ -f $PID_F ] && kill $(cat $PID_F) + ;; + *) + echo "usage: $0 (start|stop)" + exit 1 +esac + +exit $? diff --git a/openwrt/package/tor/files/torrc b/openwrt/package/tor/files/torrc new file mode 100644 index 000000000..e5cf75b6e --- /dev/null +++ b/openwrt/package/tor/files/torrc @@ -0,0 +1,136 @@ +## Configuration file for a typical tor user +## Built for Tor version 0.1.0.8-rc +## (May or may not work for older or newer versions of Tor.) +# +# On Unix, Tor will look for this file in someplace like "~/.tor/torrc" or +# "/etc/torrc" +# +# On Windows, Tor will look for the configuration file in someplace like +# "Application Data\tor\torrc" or "Application Data\\tor\torrc" +# +# With the default Mac OS X installer, Tor will look in ~/.tor/torrc or +# /Library/Tor/torrc + + +## Replace this with "SocksPort 0" if you plan to run Tor only as a +## server, and not make any local application connections yourself. +SocksPort 9050 # what port to open for local application connections +SocksBindAddress 127.0.0.1 # accept connections only from localhost +#SocksBindAddress 192.168.0.1:9100 # listen on a chosen IP/port too + +## Entry policies to allow/deny SOCKS requests based on IP address. +## First entry that matches wins. If no SocksPolicy is set, we accept +## all (and only) requests from SocksBindAddress. +#SocksPolicy accept 192.168.0.1/16 +#SocksPolicy reject * + +## Allow no-name routers (ones that the dirserver operators don't +## know anything about) in only these positions in your circuits. +## Other choices (not advised) are entry,exit,introduction. +AllowUnverifiedNodes middle,rendezvous + +## Logs go to stdout at level "notice" unless redirected by something +## else, like one of the below lines. You can have as many log lines as +## you want. +## +## Send all messages of level 'notice' or higher to /var/log/tor/notices.log +#Log notice file /var/log/tor/notices.log +## Send only debug and info messages to /var/log/tor/debug.log +#Log debug-info file /var/log/tor/debug.log +## Send ONLY debug messages to /var/log/tor/debug.log +#Log debug-debug file /var/log/tor/debug.log +## To use the system log instead of Tor's logfiles, uncomment these lines: +#Log notice syslog +## To send all messages to stderr: +#Log debug stderr + +## Uncomment this to start the process in the background... or use +## --runasdaemon 1 on the command line. +RunAsDaemon 1 + +## Tor only trusts directories signed with one of these keys, and +## uses the given addresses to connect to the trusted directory +## servers. If no DirServer lines are specified, Tor uses the built-in +## defaults (moria1, moria2, tor26), so you can leave this alone unless +## you need to change it. +#DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441 +#DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF +#DirServer 62.116.124.106:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D + +## The directory for keeping all the keys/etc. By default, we store +## things in $HOME/.tor on Unix, and in Application Data\tor on Windows. +#DataDirectory /var/lib/tor + +## The port on which Tor will listen for local connections from Tor controller +## applications, as documented in control-spec.txt. NB: this feature is +## currently experimental. +#ControlPort 9051 + +############### This section is just for location-hidden services ### + +## Look in .../hidden_service/hostname for the address to tell people. +## HiddenServicePort x y:z says to redirect a port x request from the +## client to y:z. + +#HiddenServiceDir /var/lib/tor/hidden_service/ +#HiddenServicePort 80 127.0.0.1:80 + +#HiddenServiceDir /var/lib/tor/other_hidden_service/ +#HiddenServicePort 80 127.0.0.1:80 +#HiddenServicePort 22 127.0.0.1:22 +#HiddenServiceNodes moria1,moria2 +#HiddenServiceExcludeNodes bad,otherbad + +################ This section is just for servers ##################### + +## NOTE: If you enable these, you should consider mailing your identity +## key fingerprint to the tor-ops, so we can add you to the list of +## servers that clients will trust. See +## http://tor.eff.org/doc/tor-doc.html#server for details. + +## Required: A unique handle for this server +#Nickname ididnteditheconfig + +## The IP or fqdn for this server. Leave blank and Tor will guess. +#Address noname.example.com + +## Contact info that will be published in the directory, so we can +## contact you if you need to upgrade or if something goes wrong. +## This is optional but recommended. +#ContactInfo Random Person +## You might also include your PGP or GPG fingerprint if you have one: +#ContactInfo 1234D/FFFFFFFF Random Person + +## Required: what port to advertise for tor connections +#ORPort 9001 +## If you want to listen on a port other than the one advertised +## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment +## the line below. You'll need to do ipchains or other port forwarding +## yourself to make this work. +#ORBindAddress 0.0.0.0:9090 + +## Uncomment this to mirror the directory for others (please do) +#DirPort 9030 # what port to advertise for directory connections +## If you want to listen on a port other than the one advertised +## in DirPort (e.g. to advertise 80 but bind 9091), uncomment the line +## below. You'll need to do ipchains or other port forwarding yourself +## to make this work. +#DirBindAddress 0.0.0.0:9091 + +## A comma-separated list of exit policies. They're considered first +## to last, and the first match wins. If you want to *replace* +## the default exit policy, end this with either a reject *:* or an +## accept *:*. Otherwise, you're *augmenting* (prepending to) the +## default exit policy. Leave commented to just use the default, which is +## available in the man page or at http://tor.eff.org/documentation.html +## +## Look at http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#Abuse +## for issues you might encounter if you use the default exit policy. +## +#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more +#ExitPolicy accept *:119 # accept nntp as well as default exit policy +#ExitPolicy reject *:* # middleman only -- no exits allowed + +User tor +Group tor +PidFile /var/run/tor.pid diff --git a/openwrt/package/tor/ipkg/tor.conffiles b/openwrt/package/tor/ipkg/tor.conffiles new file mode 100644 index 000000000..2954287e6 --- /dev/null +++ b/openwrt/package/tor/ipkg/tor.conffiles @@ -0,0 +1 @@ +/etc/tor/torrc diff --git a/openwrt/package/tor/ipkg/tor.control b/openwrt/package/tor/ipkg/tor.control new file mode 100644 index 000000000..4b6fddab3 --- /dev/null +++ b/openwrt/package/tor/ipkg/tor.control @@ -0,0 +1,7 @@ +Package: tor +Priority: optional +Section: net +Maintainer: Nico +Source: http://openwrt.org/cgi-bin/viewcvs.cgi/openwrt/package/tor/ +Description: An anonymous Internet communication system +Depends: libevent, libopenssl, libpthread, zlib diff --git a/openwrt/package/tor/ipkg/tor.postinst b/openwrt/package/tor/ipkg/tor.postinst new file mode 100644 index 000000000..e52e8a559 --- /dev/null +++ b/openwrt/package/tor/ipkg/tor.postinst @@ -0,0 +1,33 @@ +#!/bin/sh + +name=tor +id=52 + +# do not change below +# check if we are on real system +if [ -z "${IPKG_INSTROOT}" ]; then + # create copies of passwd and group, if we use squashfs + rootfs=`mount |awk '/root/ { print $5 }'` + if [ "$rootfs" = "squashfs" ]; then + if [ -h /etc/group ]; then + rm /etc/group + cp /rom/etc/group /etc/group + fi + if [ -h /etc/passwd ]; then + rm /etc/passwd + cp /rom/etc/passwd /etc/passwd + fi + fi +fi + +echo "" +if [ -z "$(grep ^\\${name}: ${IPKG_INSTROOT}/etc/group)" ]; then + echo "adding group $name to /etc/group" + echo "${name}:x:${id}:" >> ${IPKG_INSTROOT}/etc/group +fi + +if [ -z "$(grep ^\\${name}: ${IPKG_INSTROOT}/etc/passwd)" ]; then + echo "adding user $name to /etc/passwd" + echo "${name}:x:${id}:${id}:${name}:/tmp/.${name}:/bin/false" >> ${IPKG_INSTROOT}/etc/passwd +fi +