diff options
2 files changed, 188 insertions, 0 deletions
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
index 09563dd91da5..b419a4dd5a81 100644
--- a/net-vpn/tor/Manifest
+++ b/net-vpn/tor/Manifest
@@ -7,3 +7,6 @@ DIST tor- 1321 BLAKE2B 0ed3a4ab5c119f097367c2f2b88b
DIST tor- 8288772 BLAKE2B e283d828fede259b1186b45214d466ff7ee79c835d68d0253537cd44b4dfdc4effe97ffb864d788eb0c65e7c09dc79673b1f191662c3641917a36af935cb9e7f SHA512 a27380b3e0f33148fe86aa8815a9ff6476fe1531427990508d7cbe1770ddedbde56ac797674154a7ca590eb7ce08ebc56e0a4d84f9e27f6eaf1faf3a836faa8b
DIST tor- 85 BLAKE2B 83a237b60e9a5217e61da9f12c53e2cdb59e329af88b255b74a6225cf4055d99fe3c2028aea519e496e4a3c4204fe2ea098899a31d91d21bc311fc2fc90f2f32 SHA512 34cdc256cf0e0907cea8eb4bb7b93c22750609241a3296cd229525193e4f429180bfafeee8ae08f992e4a56821dbc32ba7f58ee31abab274a4dac0730df0d42f
DIST tor- 1321 BLAKE2B 6771028385a9d13ff00314ac98b6b03a3ff532385157e5157869eeddd188e9a1a27ef9c233d40f666d3e7c5f9a8c801d4e9402ea4bbeb7260e88240a389d6fe9 SHA512 bd29b25c271ca8c11ffd3580e54218a1057053ed988e0c9b433365b4fedf718c0a4b6e6f183f280d7d06e2249a4a9440247346afad640b70d62c542131d62410
+DIST tor- 8237202 BLAKE2B 71a4807284ecefc4a18d6bc15ce798844304f860338b786590779fb171f851d630e8af3114dbc84fe854561e0085dcb147b4dd87787988a8fb6c3628bfcc8175 SHA512 37be85e4e707682c5234ec471cb18775b3681eae2293df9c1d1192157147e4f3a08f00c33b2fc9574bbfc4f8d3fa3f4063413bbfbc536832df4a258076632be1
+DIST tor- 85 BLAKE2B eddb6cf660e9e5b0eef20477d4536a0063bf8dcd0da75238514e620a9f6046431d656d4492f3765f14ff99175525dc4ae5c66f7f5ed0e1f7efe69e8f3b2a9583 SHA512 bda3ebb7ae915519e3ef4f3465045abb14e1cc3322ce2c9813c1189bcc33ef45f9aeecfd59bfb13cbb07e5dfd56fc7794f6fcaf18b752c8207d0e70934cc1e11
+DIST tor- 716 BLAKE2B 5748744112694c1d7cd2b6e622f9469308595422cd44a1142985880e32b3a5cadfe7410b2c1b5bc59a001fb3d086246a76074314b53eb0ae38e37ea4736f66c5 SHA512 55cf2c7fc92d33afc4f569a0c27fb187d757d441b706e2562a3da6eb6032498e24450199927bcddcfaa697f7e2273dd2f4a047ef35ea3e53287ae4208432bdf9
diff --git a/net-vpn/tor/tor- b/net-vpn/tor/tor-
new file mode 100644
index 000000000000..8c577a42be89
--- /dev/null
+++ b/net-vpn/tor/tor-
@@ -0,0 +1,185 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+PYTHON_COMPAT=( python3_{10..12} )
+inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig
+MY_PV="$(ver_rs 4 -)"
+DESCRIPTION="Anonymizing overlay network for TCP"
+if [[ ${PV} == 9999 ]] ; then
+ inherit autotools git-r3
+ verify-sig? (
+ )
+ "
+ S="${WORKDIR}/${MY_PF}"
+ if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~ppc-macos"
+ fi
+ BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )"
+# BSD in general, but for PoW, needs --enable-gpl (GPL-3 per --version)
+# We also already had GPL-2 listed here for the init script, but obviously
+# that's different from the actual binary.
+IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
+RESTRICT="!test? ( test )"
+ >=dev-libs/libevent-2.1.12-r1:=[ssl]
+ sys-libs/zlib
+ caps? ( sys-libs/libcap )
+ man? ( app-text/asciidoc )
+ dev-libs/openssl:=[-bindist(-)]
+ lzma? ( app-arch/xz-utils )
+ scrypt? ( app-crypt/libscrypt )
+ seccomp? ( >=sys-libs/libseccomp-2.4.1 )
+ systemd? ( sys-apps/systemd )
+ zstd? ( app-arch/zstd )
+ acct-user/tor
+ acct-group/tor
+ selinux? ( sec-policy/selinux-tor )
+ test? (
+ )
+ "${FILESDIR}"/${PN}-
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+src_unpack() {
+ if [[ ${PV} == 9999 ]] ; then
+ git-r3_src_unpack
+ else
+ if use verify-sig; then
+ cd "${DISTDIR}" || die
+ verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
+ verify-sig_verify_unsigned_checksums \
+ ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
+ cd "${WORKDIR}" || die
+ fi
+ default
+ fi
+src_prepare() {
+ default
+ # Running shellcheck automagically isn't useful for ebuild testing.
+ echo "exit 0" > scripts/maint/ || die
+ if [[ ${PV} == 9999 ]] ; then
+ eautoreconf
+ fi
+src_configure() {
+ use doc && DOCS+=( ChangeLog ReleaseNotes doc/HACKING )
+ export ac_cv_lib_cap_cap_init=$(usex caps)
+ export tor_cv_PYTHON="${EPYTHON}"
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}/var"
+ --disable-all-bugs-are-fatal
+ --enable-system-torrc
+ --disable-android
+ --disable-coverage
+ --disable-html-manual
+ --disable-libfuzzer
+ --enable-missing-doc-warnings
+ --disable-module-dirauth
+ --enable-pic
+ --disable-restart-debugging
+ # Unless someone asks & has a compelling reason, just always
+ # build in GPL mode for pow, given we don't want yet another USE
+ # flag combination to have to test just for the sake of it.
+ # (PoW requires GPL.)
+ --enable-gpl
+ --enable-module-pow
+ # This option is enabled by default upstream w/ zstd, surprisingly.
+ # zstd upstream says this shouldn't be relied upon and it may
+ # break API & ABI at any point, so Tor tries to fake static-linking
+ # to make it work, but then requires a rebuild on any new zstd version
+ # even when its standard ABI hasn't changed.
+ # See bug #727406 and bug #905708.
+ --disable-zstd-advanced-apis
+ $(use_enable man asciidoc)
+ $(use_enable man manpage)
+ $(use_enable lzma)
+ $(use_enable scrypt libscrypt)
+ $(use_enable seccomp)
+ $(use_enable server module-relay)
+ $(use_enable systemd)
+ $(use_enable tor-hardening gcc-hardening)
+ $(use_enable tor-hardening linker-hardening)
+ $(use_enable test unittests)
+ $(use_enable zstd)
+ )
+ econf "${myeconfargs[@]}"
+src_test() {
+ local skip_tests=(
+ # Fails in sandbox
+ :sandbox/open_filename
+ :sandbox/openat_filename
+ )
+ # The makefile runs these by parallel by chunking them with a script
+ # but that means we lose verbosity and can't skip individual tests easily
+ # either.
+ edo ./src/test/test --verbose "${skip_tests[@]}"
+src_install() {
+ default
+ readme.gentoo_create_doc
+ newconfd "${FILESDIR}"/tor.confd tor
+ newinitd "${FILESDIR}"/tor.initd-r9 tor
+ systemd_dounit "${FILESDIR}"/tor.service
+ keepdir /var/lib/tor
+ fperms 750 /var/lib/tor
+ fowners tor:tor /var/lib/tor
+ insinto /etc/tor/
+ newins "${FILESDIR}"/torrc-r2 torrc