File tor.spec of Package tor
#
# spec file for package tor
#
%define toruser %{name}
%define torgroup %{name}
%define home_dir %{_localstatedir}/lib/empty
Name: tor
Version: 0.4.8.13
Release: 0
Summary: Anonymizing overlay network for TCP (The onion router)
License: BSD-3-Clause
Group: Productivity/Networking/Security
Url: https://www.torproject.org/
Source0: %{name}-%{version}.tar.gz
Source1: %{name}.service
Source2: %{name}.conf
Source3: %{name}.pam
Source4: %{name}.logrotate
BuildRequires: lib64event-devel
BuildRequires: lib64openssl-devel
BuildRequires: systemd-devel
Requires: logrotate
Requires: pam
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
Tor is a connection-based low-latency anonymous communication system.
This package provides the "tor" program, which serves as both a client and
a relay node. Scripts will automatically create a "%{toruser}" user and
a "%{torgroup}" group, and set tor up to run as a daemon when the system
is rebooted.
Applications connect to the local Tor proxy using the SOCKS
protocol. The tor client chooses a path through a set of relays, in
which each relay knows its predecessor and successor, but no
others. Traffic flowing down the circuit is unwrapped by a symmetric
key at each relay, which reveals the downstream relay.
Warnings: Tor does no protocol cleaning. That means there is a danger
that application protocols and associated programs can be induced to
reveal information about the initiator. Tor depends on Privoxy or
similar protocol cleaners to solve this problem. This is alpha code,
and is even more likely than released code to have anonymity-spoiling
bugs. The present network is small -- this further reduces the
strength of the anonymity provided. Tor is not presently suitable
for high-stakes anonymity.
%global debug_package %{nil}
%prep
%setup -q
%build
%configure --enable-systemd
#--enable-openbsd-malloc --enable-gcc-hardening --enable-linker-hardening --with-tor-user=%{toruser} --with-tor-group=%{torgroup}
make %{?_smp_mflags}
%install
make %{?_smp_mflags} DESTDIR=%{buildroot} install
# missing dirs
install -d -m 700 \
%{buildroot}%{_localstatedir}/lib/%{name}
install -d -m 755 \
%{buildroot}/%{_sbindir} \
%{buildroot}/%{_sysconfdir}/security/limits.d \
%{buildroot}/%{_sysconfdir}/pam.d
install -d -m 750 \
%{buildroot}%{_localstatedir}/log/%{name}
install -p -m 755 contrib/client-tools/torify %{buildroot}/%{_bindir}
# sample config file
sed -i 's|^#RunAsDaemon|RunAsDaemon|' src/config/torrc.sample
sed -i 's|^#DataDirectory|DataDirectory|' src/config/torrc.sample
sed -i 's|^#ORPort 9001|ORPort 9001|' src/config/torrc.sample
install -p -m 644 src/config/torrc.sample %{buildroot}/%{_sysconfdir}/%{name}/torrc
# init script
install -D -m 644 %{SOURCE1} %{buildroot}/%{_unitdir}/%{name}.service
# PAM/limits file/logrotate
install -D -m 644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/security/limits.d/%{name}.conf
install -D -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/pam.d/%{name}
install -D -m 644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name}
for i in %{name} %{name}-gencert %{name}-resolve; do
strip %{buildroot}/%{_bindir}/$i
done
rm -rf %{buildroot}/share/doc/tor
rm -f %{buildroot}%{_sysconfdir}/tor/torrc.sample
%pre
%{_sbindir}/groupadd -r %{torgroup} &>/dev/null || :
%{_sbindir}/useradd -o -u 20 -g %{torgroup} -s /bin/false -r -c "User to run %{name}" -d %{home_dir} %{toruser} &>/dev/null || :
%post
%_post_service %{name}
%preun
%_preun_service %{name}
%postun
%_postun_userdel %{name}
%files
%defattr(-,root,root)
%{_bindir}/*
%{_mandir}/man*/*
%{_unitdir}/%{name}.service
%dir %{_sysconfdir}/security/limits.d
%config %{_sysconfdir}/security/limits.d/%{name}.conf
%dir %{_sysconfdir}/pam.d
%config %{_sysconfdir}/pam.d/%{name}
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/geoip
%{_datadir}/%{name}/geoip6
%config %attr(0644,root,root) %{_sysconfdir}/logrotate.d/%{name}
%dir %attr(0755,root,%{torgroup}) %{_sysconfdir}/%{name}
%config(noreplace) %attr(0644,root,%{torgroup}) %{_sysconfdir}/%{name}/torrc
%attr(0700,%{toruser},%{torgroup}) %dir %{_localstatedir}/lib/%{name}
%attr(0750,%{toruser},%{torgroup}) %dir %{_localstatedir}/log/%{name}
%doc LICENSE README.md ChangeLog ReleaseNotes CONTRIBUTING doc/HACKING doc/man/*.html
%changelog
