Bug 203014 - security/tor and security/tor-devel: Update and fix a few problems
Summary: security/tor and security/tor-devel: Update and fix a few problems
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Rene Ladan
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2015-09-10 13:31 UTC by George
Modified: 2018-01-06 11:40 UTC (History)
10 users (show)

See Also:


Attachments
[PATCH] security/tor: r400464 (6.17 KB, patch)
2015-10-30 18:49 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] security/tor-devel: r400391 (6.79 KB, patch)
2015-10-30 18:55 UTC, Vinícius Zavam
no flags Details | Diff
[LOG] Poudriere Bulk: 9.3-RELEASE, amd64 (security/tor) (44.92 KB, text/x-log)
2015-10-30 20:48 UTC, Vinícius Zavam
no flags Details
[LOG] Poudriere Bulk: 10.2-STABLE, amd64 (security/tor) (44.36 KB, text/x-log)
2015-10-30 20:50 UTC, Vinícius Zavam
no flags Details
[LOG] Poudriere Bulk: 11.0-CURRENT, amd64 (security/tor) (44.55 KB, text/x-log)
2015-10-30 20:51 UTC, Vinícius Zavam
no flags Details
[LOG] Poudriere Bulk: 9.3-RELEASE, amd64 (security/tor-devel) (46.63 KB, text/x-log)
2015-10-30 20:53 UTC, Vinícius Zavam
no flags Details
[LOG] Poudriere Bulk: 10.2-STABLE, amd64 (security/tor-devel) (46.14 KB, text/x-log)
2015-10-30 20:54 UTC, Vinícius Zavam
no flags Details
[LOG] Poudriere Bulk: 11.0-CURRENT, amd64 (security/tor-devel) (46.33 KB, text/x-log)
2015-10-30 20:56 UTC, Vinícius Zavam
no flags Details
[LOG] Poudriere Bulk: 10.2-STABLE, armv6 (security/tor) (48.71 KB, text/x-log)
2015-10-31 03:24 UTC, Vinícius Zavam
no flags Details
[LOG] Poudriere Bulk: 11.0-CURRENT, armv6 (security/tor) (47.21 KB, text/x-log)
2015-10-31 03:25 UTC, Vinícius Zavam
no flags Details
[LOG] Poudriere Bulk: 10.2-STABLE, armv6 (security/tor-devel) (50.41 KB, text/x-log)
2015-10-31 03:25 UTC, Vinícius Zavam
no flags Details
[LOG] Poudriere Bulk: 11.0-CURRENT, armv6 (security/tor-devel) (48.90 KB, text/x-log)
2015-10-31 03:26 UTC, Vinícius Zavam
no flags Details
[PATCH] security/tor: r400464 (6.82 KB, patch)
2015-11-17 16:38 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] security/tor-devel: r400391 (7.45 KB, patch)
2015-11-17 16:41 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] security/tor-devel: r400391 (10.16 KB, patch)
2015-11-19 16:40 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] security/tor: r400464 (9.77 KB, patch)
2015-11-19 16:41 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] security/tor: r400464 (9.59 KB, patch)
2015-11-19 18:43 UTC, Vinícius Zavam
no flags Details | Diff
[LOG] Poudriere Bulk: 10.2-STABLE, i386 (security/tor) (38.14 KB, text/x-log)
2015-11-19 18:48 UTC, Vinícius Zavam
no flags Details
[LOG] Poudriere Bulk: 10.2-STABLE, i386 (security/tor-devel) (39.70 KB, text/x-log)
2015-11-19 18:49 UTC, Vinícius Zavam
no flags Details
[PATCH] security/tor: r400464 (10.14 KB, patch)
2015-11-20 15:28 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] security/tor-devel: r400391 (10.80 KB, patch)
2015-11-20 15:29 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] security/tor: r400464 (10.70 KB, patch)
2015-11-25 21:52 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] security/tor: r400464 (10.70 KB, patch)
2015-12-12 19:05 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] security/tor-devel: r424527 (7.41 KB, patch)
2016-10-24 20:26 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] security/tor-devel: r425755 (11.27 KB, patch)
2016-11-08 18:59 UTC, Vinícius Zavam
no flags Details | Diff
poudriere log of 9.3-i386, OpenSSL too old (16.00 KB, text/plain)
2016-11-09 20:26 UTC, Rene Ladan
no flags Details
[PATCH] security/tor-devel: r425755 (11.28 KB, patch)
2016-11-09 21:49 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] security/tor-devel: r425808 (11.31 KB, patch)
2016-11-10 12:51 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] security/tor-devel: r425808 (11.31 KB, patch)
2016-11-10 12:55 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] security/tor-devel: r425808 (11.28 KB, patch)
2016-11-10 21:29 UTC, Vinícius Zavam
no flags Details | Diff
[LOG] security/tor-devel: r425808 (9.3-RELEASE-p50, amd64) (398.56 KB, text/plain)
2016-11-10 21:30 UTC, Vinícius Zavam
no flags Details
[LOG] security/tor-devel: r425808 (9.3-RELEASE-p50, i386) (393.89 KB, text/plain)
2016-11-10 21:30 UTC, Vinícius Zavam
no flags Details
[PATCH] security/tor-devel: r427582 (11.27 KB, patch)
2016-12-02 19:15 UTC, Vinícius Zavam
no flags Details | Diff
[PATCH] security/tor-devel: r427582 (logging by default) (12.84 KB, patch)
2016-12-02 20:30 UTC, Vinícius Zavam
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description George 2015-09-10 13:31:14 UTC
Current pkg and port version of security/tor is 0.2.6.9.  pkg and port version of security/tor-devel is 0.2.6.7.

Queried using:

user@host:/home/user % pkg rquery %n-%v tor
tor-0.2.6.9

user@host:/home/user % pkg rquery %n-%v tor-devel
tor-devel-0.2.6.7

Current stable (security/tor) version available from the Tor Project is 0.2.6.10, and the current unstable (security/tor-dev) is 0.2.7.2-alpha.

The tor-devel pkg seems out of sync and on the wrong branch. There is also a known issue with the 0.2.7.x branch not running on FreeBSD >=9.x, so security/tor and the relevant pkg should remain on the security/tor or stable branch and there should be a pre-install message, while the 0.2.7.x branch should be security/tor-devel.

I do not have a pkg build environment to test, but can provide a diff for security/tor from 0.2.6.9 to 0.2.6.10 if necessary and security/tor-devel from 0.2.6.7 to 0.2.7.2.
Comment 1 George 2015-09-10 13:38:01 UTC
It seems that the current security/tor-devel port is at 0.2.7.2, but the pkgs are out of sync only.

My mistake since I was relying on freshports.org, but nevertheless the pkgs are out of sync.
Comment 2 Vinícius Zavam freebsd_committer 2015-10-30 18:49:32 UTC
Created attachment 162605 [details]
[PATCH] security/tor: r400464

Minor typos and updates for pkg-message.in and tor.in.

Added a radio option to use one pluggable transport proxy (security/obfsproxy).

libevent was detected by the configure script without previous patch, so the patch was removed from files/ directory. "post-patch" kept as is. Checked support for 11.0-CURRENT, 10.2-STABLE and 9.3-RELEASE (considering old OSVERSION and OpenSSL version present on base system). As reported by #204123, OpenSSL from ports should be used instead.

Static tor was compiled to test the patch removal. It works.
Comment 3 Vinícius Zavam freebsd_committer 2015-10-30 18:55:06 UTC
Created attachment 162606 [details]
[PATCH] security/tor-devel: r400391

Same as the last one, for security/tor, but adds code to support tor-0.2.7.4-rc.

Minor typos and updates for pkg-message.in and tor.in.

Added a radio option to use one pluggable transport proxy (security/obfsproxy).

Once again, libevent was detected by the configure script without previous patch, so the patch was removed from files/ directory. "post-patch" kept as is. Checked support for 11.0-CURRENT, 10.2-STABLE and 9.3-RELEASE (considering old OSVERSION and OpenSSL version present on base system). As reported by #204123, OpenSSL from ports should be used instead.

Static tor was also compiled to test the patch removal.
Comment 4 Vinícius Zavam freebsd_committer 2015-10-30 20:48:45 UTC
Created attachment 162608 [details]
[LOG] Poudriere Bulk: 9.3-RELEASE, amd64 (security/tor)
Comment 5 Vinícius Zavam freebsd_committer 2015-10-30 20:50:22 UTC
Created attachment 162609 [details]
[LOG] Poudriere Bulk: 10.2-STABLE, amd64 (security/tor)
Comment 6 Vinícius Zavam freebsd_committer 2015-10-30 20:51:43 UTC
Created attachment 162610 [details]
[LOG] Poudriere Bulk: 11.0-CURRENT, amd64 (security/tor)
Comment 7 Vinícius Zavam freebsd_committer 2015-10-30 20:53:15 UTC
Created attachment 162611 [details]
[LOG] Poudriere Bulk: 9.3-RELEASE, amd64 (security/tor-devel)
Comment 8 Vinícius Zavam freebsd_committer 2015-10-30 20:54:41 UTC
Created attachment 162613 [details]
[LOG] Poudriere Bulk: 10.2-STABLE, amd64 (security/tor-devel)
Comment 9 Vinícius Zavam freebsd_committer 2015-10-30 20:56:46 UTC
Created attachment 162616 [details]
[LOG] Poudriere Bulk: 11.0-CURRENT, amd64 (security/tor-devel)
Comment 10 Vinícius Zavam freebsd_committer 2015-10-31 03:24:24 UTC
Created attachment 162630 [details]
[LOG] Poudriere Bulk: 10.2-STABLE, armv6 (security/tor)
Comment 11 Vinícius Zavam freebsd_committer 2015-10-31 03:25:04 UTC
Created attachment 162631 [details]
[LOG] Poudriere Bulk: 11.0-CURRENT, armv6 (security/tor)
Comment 12 Vinícius Zavam freebsd_committer 2015-10-31 03:25:29 UTC
Created attachment 162632 [details]
[LOG] Poudriere Bulk: 10.2-STABLE, armv6 (security/tor-devel)
Comment 13 Vinícius Zavam freebsd_committer 2015-10-31 03:26:03 UTC
Created attachment 162633 [details]
[LOG] Poudriere Bulk: 11.0-CURRENT, armv6 (security/tor-devel)
Comment 14 Vinícius Zavam freebsd_committer 2015-11-17 16:38:32 UTC
Created attachment 163253 [details]
[PATCH] security/tor: r400464

Following ideas and recommendations from danilo@ and garga@ for the BCP to code and contribute to the FreeBSD's Ports Collection, this patch (svn diff) aims to:

1. Adds all previous updates pointed by the last uploaded patch;
2. Changes OPTIONS_RADIO to OPTIONS_GROUP to group pluggable transports;
3. Solves an issue to build STATIC_TOR and TCMALLOC together.
Comment 15 Vinícius Zavam freebsd_committer 2015-11-17 16:41:04 UTC
Created attachment 163254 [details]
[PATCH] security/tor-devel: r400391

Same as the previously reported patch for security/tor, but updates and solves small issues related to security/tor-devel.
Comment 16 Vinícius Zavam freebsd_committer 2015-11-19 16:40:14 UTC
Created attachment 163337 [details]
[PATCH] security/tor-devel: r400391

Again, following some BCP, this new patch:

1. Uses port options helpers;
2. Takes care of r399278;
  2.1. https://reviews.freebsd.org/D3866
3. Adds a _precmd stage to better check "required_dirs=";
  3.1. Rather than mkdir(1)+chown(8)+chmod(1) routines, uses install(1)
  3.2. "check_required_before()" was breaking cheks before running new '_precmd'
  3.3. "required_dirs=" was commented on patched rc script for future debugs

Poudriere and manual config and testing for the patched-port worked as expected.
Comment 17 Vinícius Zavam freebsd_committer 2015-11-19 16:41:15 UTC
Created attachment 163338 [details]
[PATCH] security/tor: r400464

Same as the last one but takes care of security/tor.
Comment 18 Vinícius Zavam freebsd_committer 2015-11-19 18:43:43 UTC
Created attachment 163340 [details]
[PATCH] security/tor: r400464

Corrects 2 small but serious typos on security/tor/Makefile.
Comment 19 Vinícius Zavam freebsd_committer 2015-11-19 18:48:54 UTC
Created attachment 163341 [details]
[LOG] Poudriere Bulk: 10.2-STABLE, i386 (security/tor)
Comment 20 Vinícius Zavam freebsd_committer 2015-11-19 18:49:58 UTC
Created attachment 163342 [details]
[LOG] Poudriere Bulk: 10.2-STABLE, i386 (security/tor-devel)
Comment 21 Vinícius Zavam freebsd_committer 2015-11-20 15:28:11 UTC
Created attachment 163355 [details]
[PATCH] security/tor: r400464

Handles old log files and creates a backup for it. If you are upgrading Tor from a previous version, Tor's rc script will fail with:

  install: /var/log/tor exists but is not a directory

Previous logfile was the new logdir itself (/var/log/tor)! This patch updates everything else reported before and:

  Check for an old log file;
  Verify if the file content has Tor's log information;
  Saves a backup!
Comment 22 Vinícius Zavam freebsd_committer 2015-11-20 15:29:07 UTC
Created attachment 163356 [details]
[PATCH] security/tor-devel: r400391

Same as the last one but for security/tor-devel.
Comment 23 Brendan Fabeny freebsd_committer 2015-11-21 13:12:07 UTC
Thanks.

If I recall correctly, the reason for the libevent changes, and for avoiding adding the clumsy LDFLAGS+="-L${LOCALBASE}/lib"  whenever possible, was to fix the linking in the static case, and to avoid linking with the wrong libraries, such as openssl.  I'll check that this works with the new tor-devel.

As far as the rc-script is concerned, I've resisted making such additions in the past when they're intended to avoid infrequent or one-time fixes, on the grounds that they add complexity to the script, often fail to handle custom configs properly, make assumptions about tools like awk, etc. being present when some of our users are running tor on smaller, stripped-down machines; and hide changes that really should be brought to the attention of users or administrators.  Usually such changes are best handled manually, with a note in UPDATING or a pkg-message.  This looks like such a case.
Comment 24 Vinícius Zavam freebsd_committer 2015-11-25 21:52:24 UTC
Created attachment 163538 [details]
[PATCH] security/tor: r400464

This patch corrects everything else reported before, and updates "security/tor" to a new stable release.

[ https://blog.torproject.org/blog/tor-0275-released-and-stable ]
Comment 25 Brendan Fabeny freebsd_committer 2015-12-01 14:50:32 UTC
Thanks.  But as I wrote before, we should do less in the rc script, rather than add machinery for an infrequent or one-time fix -- similar to the proposal in bug 204739 -- so I'll reconcile these two sets of changes.
Comment 26 Neel Chauhan freebsd_committer 2015-12-01 15:18:19 UTC
(In reply to Brendan Fabeny from comment #25)

I agree. We don't want to pull a 'Lennart Poettering' and include features people didn't ask for.
Comment 27 Vinícius Zavam freebsd_committer 2015-12-01 15:39:59 UTC
Most of the changes here in between, came from http://lists.nycbug.org/pipermail/tor-bsd/2015-November/000380.html

Now that Chauhan points "L.P." it hurts... 

My perception was that we could help lazy people that forget (do not want) to read UPDATING and its change logs. Also, it's possible to minimize the impact on production relays running under FreeBSD machines.
Comment 28 Vinícius Zavam freebsd_committer 2015-12-12 19:05:13 UTC
Created attachment 164153 [details]
[PATCH] security/tor: r400464

This patch corrects everything else reported before by the last patches related to security/tor, and updates it to a new stable release (2.7.6).

[ https://blog.torproject.org/blog/tor-0276-released ]
Comment 29 Dmitry Marakasov freebsd_committer 2015-12-25 10:58:31 UTC
I suggest to update it and split it into parts, as it probably won't apply any more, and parts will be easier to comprehend and discuss, and anyway need to be committed separately because some may need to be MFHd. After a quick glance:

- You can't omit ${PORTSDIR} from depends until a next quartely branch is created
- Datadir/logdir/piddir handling should be done in plist, not rc script. Backing up stuff does not belong to the port at all
- Test should be switched to new test framework
- MTMALLOC changes do not seem correct at all: you depend on shared library for static case, and use lib and build depends at the same time.
- OFSPROXY option is useless as it does nothing beyond adding a run-dependency
Comment 30 Vinícius Zavam freebsd_committer 2015-12-28 04:26:34 UTC
(In reply to Dmitry Marakasov from comment #29)

Nice!
I was really hoping to get a more clear feedback (like this one you did).
Thank you very much for your time and concern amdmi3@.

K.R.,
Vinícius
Comment 31 Rene Ladan freebsd_committer 2016-06-27 21:45:06 UTC
Maintainer reset.
Comment 32 Ben Woods freebsd_committer 2016-08-24 13:51:41 UTC
Requesting feedback from new maintainer as to if these patches still apply.
Comment 33 Yuri Victorovich freebsd_committer 2016-10-23 22:55:30 UTC
The current version is 0.2.8.9. This bug report needs to be closed as "overcome by events".
Comment 34 Vinícius Zavam freebsd_committer 2016-10-24 20:26:20 UTC
Created attachment 176119 [details]
[PATCH] security/tor-devel: r424527

I did plan to release a new patch (suggestion) to take care of security/tor-devel, but right now there's no working code I can give you.

Nevertheless, I do think it might be useful to merge some useful "options helpers" and stuff... or provide a new starting point to both ports.

The (NOT WORKING) patch for security/tor-devel is attached, and comes with this considerations:

a) uses "options helpers", as recommended by porter's handbook;
b) '--enable-transparent' is no longer a valid config parameter;
c) proper OSVERSION for bumping openssl from ports is "< 1000015";
d) suggests the use of --with-tor-{user,group}=_tor;
e) it is a work in progress. it does not work yet :)

KR,
Vinícius
Comment 35 Yuri Victorovich freebsd_committer 2016-10-24 20:33:25 UTC
Thanks,

I will look at the patched.

Yuri
Comment 36 Vinícius Zavam freebsd_committer 2016-11-08 18:59:30 UTC
Created attachment 176798 [details]
[PATCH] security/tor-devel: r425755

(In reply to Yuri Victorovich from comment #35)

Yuri,
hi.

Please take a look at this new patch when you have some time. It also updates security/tor-devel to version 0.2.9.5-alpha.

This one is pretty much close to the best practices described by the Porter's Handbook, and let the user chose between 'ssl=base' or any other from ports. There's also the considerations pointed by brnrd@ (I think), to set USES+=ssl only when we try to compile Tor using ports' openssl/libressl from ports.

I added/merged your warning about Tor2Web, as reported (and solved) on #210389.

KR,
Vinícius
Comment 37 Yuri Victorovich freebsd_committer 2016-11-08 19:05:47 UTC
Comment on attachment 176798 [details]
[PATCH] security/tor-devel: r425755

Thanks Vinícius!
Comment 38 Rene Ladan freebsd_committer 2016-11-09 19:40:00 UTC
Poudriere logs OK on 9.3/10.1/11.0/12.0 i386/amd64 and 11.0-armv6 (10.1-armv6 and 12.0-armv6 failed on dependencies)
Comment 39 Yuri Victorovich freebsd_committer 2016-11-09 19:53:47 UTC
Please note that the subject is wrong, it should be "security/tor-devel: Update and fix a few problems".
Comment 40 Rene Ladan freebsd_committer 2016-11-09 20:25:20 UTC
Actually tor 0.2.9.5-alpha fails on FreeBSD 9.3 because its bundled copy of OpenSSL is too old, see the attached log.
Comment 41 Rene Ladan freebsd_committer 2016-11-09 20:26:17 UTC
Created attachment 176829 [details]
poudriere log of 9.3-i386, OpenSSL too old
Comment 42 Neel Chauhan freebsd_committer 2016-11-09 20:30:00 UTC
(In reply to Rene Ladan from comment #40)

This was the issue since Tor 0.2.7.2-alpha, looking back at the ChangeLog.
Comment 43 Yuri Victorovich freebsd_committer 2016-11-09 20:33:22 UTC
Is security/tor also failing on 9.3?
Comment 44 Rene Ladan freebsd_committer 2016-11-09 20:47:44 UTC
I'll test-build current security/tor (0.2.8.9) on 9.3 i386 and amd64
Comment 45 Rene Ladan freebsd_committer 2016-11-09 21:21:40 UTC
security/tor builds fine on 9.3-i386, looking at the diff between the two ports, I thought that this typo was the culprit (around line 90):

-.if ${OSVERSION} < 1000000
-WITH_OPENSSL_PORT=     yes
-.endif
-
-.if !defined(USE_GCC) && empty(CC:T:M*gcc4*) && \
-empty(PORT_OPTIONS:MSTATIC_TOR) && empty(ARCH:Mia64)
-CONFIGURE_ARGS+=       --enable-gcc-hardening
-.else
-CONFIGURE_ARGS+=       --disable-gcc-hardening
+.if ${OSVERSION} < 1000015
+DEFAULT_VERSIONS+=     ssl=openssl
+# OPENSSL_PORT=                security/openssl
+WITH_OPENSSLPORT=      yes  <-- missing space between OPENSSL and PORT ?
 .endif

But that gives the same error. I think the solution is to always use OpenSSL from ports on 9.3. I'll test a patched Makefile
Comment 46 Vinícius Zavam freebsd_committer 2016-11-09 21:49:45 UTC
Created attachment 176832 [details]
[PATCH] security/tor-devel: r425755

(In reply to Rene Ladan from comment #45)

ooops! you are right. there was a little typo to be corrected... and this new patch solves it!

yes; it's focused on security/tor-devel only. if everything goes well, security/tor can get/merge its updates.

thank you very much for your time, and feedback :)
Comment 47 Yuri Victorovich freebsd_committer 2016-11-09 21:55:25 UTC
Thank you for doing this!

Go ahead and commit the patch if you are sure it fixes the problem.

Yuri
Comment 48 Rene Ladan freebsd_committer 2016-11-09 22:03:10 UTC
No, I doesn't fix it in my tests, see the rest of comment 45.

I think you also have to adjust the configure flags/environment for FreeBSD 9.3.
And not setting a default for SSLTLS seems to break the port in other ways, weird.
Comment 49 Vinícius Zavam freebsd_committer 2016-11-10 12:51:08 UTC
Created attachment 176857 [details]
[PATCH] security/tor-devel: r425808

(In reply to Rene Ladan from comment #48)

hm... I did think that typo should handle the things properly. good to know it did not. thanks!

your tests ran in a 9.3-release environment, so we can check OSVERSION for values <= 903000 and change OPTIONS_DEFAULT= to "SSLTLS_PORTS". that could do the trick. or, afaik, 903511 is the last documented OSVERSION (https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/versions-9.html) related to 9.x, and we should use it:

    .if ${OSVERSION} < 903511
    OPTIONS_DEFAULT=	SSLTLS_PORTS
    .endif

the attached patch adds it to the Makefile // sorry for not running a test on 9.x before reporting it back; I need to setup+upgrade my env.

kr,
vinícius
Comment 50 Vinícius Zavam freebsd_committer 2016-11-10 12:55:24 UTC
(In reply to Vinícius Zavam from comment #49)

-${OSVERSION} < 903511
+${OSVERSION} <= 903511
Comment 51 Vinícius Zavam freebsd_committer 2016-11-10 12:55:54 UTC
Created attachment 176858 [details]
[PATCH] security/tor-devel: r425808
Comment 52 Vinícius Zavam freebsd_committer 2016-11-10 21:29:35 UTC
Created attachment 176873 [details]
[PATCH] security/tor-devel: r425808

latest patch.
Comment 53 Vinícius Zavam freebsd_committer 2016-11-10 21:30:32 UTC
Created attachment 176874 [details]
[LOG] security/tor-devel: r425808 (9.3-RELEASE-p50, amd64)
Comment 54 Vinícius Zavam freebsd_committer 2016-11-10 21:30:54 UTC
Created attachment 176875 [details]
[LOG] security/tor-devel: r425808 (9.3-RELEASE-p50, i386)
Comment 55 Vinícius Zavam freebsd_committer 2016-11-11 00:56:28 UTC
my poudriere's bulk logs are available at http://[2604:a880:400:d0::477:4001]/logs/ (because some files are bigger than the max allowed to attach here).

if someone can test it against 9.3-stable, it would be great! same for other architectures like arm, aarch64 and/or mips.

kr,
vinícius
Comment 56 Shawn Webb 2016-11-11 17:30:19 UTC
I'm going to buy a couple new RPI3 devices this weekend with the goal of setting up a tor relay and/or bridge. I can give it a whirl soon-ish.
Comment 57 Rene Ladan freebsd_committer 2016-11-11 22:21:26 UTC
@ Vinícius Zavam: I can reach your server but it refuses to serve the logs, instead it gives an HTTP 403
Comment 58 Vinícius Zavam freebsd_committer 2016-11-11 23:12:27 UTC
(In reply to Rene Ladan from comment #57)

Wow! Sorry about that. Please try to get it now, and... if someone needs to reach it over v4: http://192.241.135.129/logs
Comment 59 Yuri Victorovich freebsd_committer 2016-11-16 11:13:09 UTC
see also: bug#214567 is a simple update to 0.2.9.5-alpha.
Comment 60 Vinícius Zavam freebsd_committer 2016-12-02 19:15:52 UTC
Created attachment 177615 [details]
[PATCH] security/tor-devel: r427582

this patch obsoletes the last one; it updates security/tor-devel to version 0.2.9.6-rc.

bug #215009 does not solves issues or improves security/tor-devel like this patch does. please test it and report any issues you might get with it! more information about this current patch, please refer to previous comments posted here.

kr,
vinícius

PS: there's just one missing suggestion that this patch does not apply, and it is the presence of a default log file for the Tor daemon.
Comment 61 Shawn Webb 2016-12-02 20:03:02 UTC
Your new patch builds and runs fine on amd64, though I haven't tried anything other than starting it up. Additionally, I compiled with PIE, RELRO + BIND_NOW, and SafeStack enabled in HardenedBSD.
Comment 62 Vinícius Zavam freebsd_committer 2016-12-02 20:30:59 UTC
Created attachment 177618 [details]
[PATCH] security/tor-devel: r427582 (logging by default)

(In reply to Shawn Webb from comment #61)

tyvm, shawn!

here I also add a new patch with an improved tor.in, so we get a default log for Tor (with 'notice' severity); its severity can easily be changed via sysrc(8), if needed.

the current port does not ship with this feature. if you need to see/confirm that the Tor daemon is really running with a working circuit just check the log.
Comment 63 Rene Ladan freebsd_committer 2017-06-26 17:42:15 UTC
What is the current status of this PR, are parts still applicable?
Comment 64 Vinícius Zavam freebsd_committer 2017-08-02 08:04:22 UTC
(In reply to Rene Ladan from comment #63)

The idea behind all patches and suggestions are definitely something we could apply to both ports. Unfortunately I decided to move all the efforts and new codes to a small/partial GitHub repository, and choose no longer to post or bump more things here.

If there's any chance it hits "upstream" (official FreeBSD ports), I would be happy to help and work on merging stuff up. The current repository+branch with both ports and related works is https://github.com/egypcio/freebsd-ports/tree/torbsd

Main changes in between official branch and the GH stuff? Makefiles were "completely" redesigned and the rc script does not support the idea of multi instances (if one wants to run Tor like that, should separate it using jails). pkg-message and pkg-descr cosmetics.

Thank you very much for writing back! Very appreciated.
Comment 65 Rene Ladan freebsd_committer 2018-01-06 11:40:19 UTC
This PR outlived its usefulness, any development is now done in a GitHub repository.