community/tor: fix runscript - issues with User and DataDirectory options

5 files changed, 113 insertions, 31 deletions

diff --git a/community/tor/APKBUILD b/community/tor/APKBUILD
index fec3d79804..3fcc9498a1 100644
--- a/community/tor/APKBUILD
+++ b/community/tor/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Sam Dodrill <shadow.h511@gmail.com>
 pkgname=tor
 pkgver=0.2.8.7
-pkgrel=0
+pkgrel=1
 pkgdesc="Anonymous network connectivity"
 url="https://www.torproject.org"
 arch="all"
@@ -10,11 +10,12 @@ license="BSD"
 pkgusers="tor"
 depends=""
 makedepends="linux-headers bash libevent-dev openssl-dev ca-certificates"
-install="$pkgname.pre-install"
+install="$pkgname.post-upgrade $pkgname.pre-install"
 subpackages="$pkgname-doc"
 source="https://www.torproject.org/dist/$pkgname-$pkgver.tar.gz
 	tor.initd
-	tor.confd"
+	tor.confd
+	torrc.sample.patch"
 builddir="$srcdir/$pkgname-$pkgver"
 
 build() {
@@ -37,10 +38,6 @@ package() {
 
 	make DESTDIR="$pkgdir" install || return 1
 
-	# Uncomment logging to file.
-	sed -Ei 's/^#*(Log notice file.*)/\1/' \
-		"$pkgdir"/etc/tor/torrc.sample || return 1
-
 	install -dm755 -o $pkgusers \
 		"$pkgdir"/var/lib/$pkgname \
 		"$pkgdir"/var/log/$pkgname || return 1
@@ -52,11 +49,14 @@ package() {
 }
 
 md5sums="59771fe2d098893fe955edfb8b13401f  tor-0.2.8.7.tar.gz
-fb939d073a7a51e9814c10d1aabec0ce  tor.initd
-e05a796ffc4981c22c167de11fa36ef9  tor.confd"
+1cecd1e1d7765128a35995c0b1a02d38  tor.initd
+9e3f6716ba5a50bd0d4d5643dea124d9  tor.confd
+4f5eaefecd46503afe7d6fd22875b775  torrc.sample.patch"
 sha256sums="ae44e2b699e82db7ff318432fd558dfa941ad154e4055f16d208514951742fc6  tor-0.2.8.7.tar.gz
-04800394384a6ce4cad13bb1ffb8650a7ce799a574d897c0166180c19dd34f88  tor.initd
-41d780f291847e19f632428bbf27c3f289414afd237546d2974da1b75384c25c  tor.confd"
+b6619d72d4f99e956328a555ea495e82d9f0b578e3697bbcbca80379df9f4c3f  tor.initd
+864d7ff6c8a6b06734c3f314365304c6ba8b3b893e8f29ed5f6fb9869e647b4b  tor.confd
+c1a7a5fab97ff328daf86fe4d2d2c7bc4580ba43d860d77c0b3f451525d6d058  torrc.sample.patch"
 sha512sums="79156110804497509564d53a806dc8237e97755556bbaaed83d0f6a3470942a480e53693a7192996bad2b33fe1f77f60eb45e8122af9bfdc4a8f12b943cbc660  tor-0.2.8.7.tar.gz
-8dd2f56697b730881fa7e67088b0860a753fb7c3dad9eb3d2af6eb7b9cfa10aaaf01628e65cb139d423bdb97075b4b5fa72e44ffc80ea3f810ceff6429ec3d2a  tor.initd
-9028ac41e3acdf4405095addb69537e87edecafaec840296ac27a5a8992fe132dc822e4e4abb8826f76460c438da2719dea17859690d03e17198a82086a3d660  tor.confd"
+6de4ada16ba58264a247da70343eabd763e992d6b6683977fc1c67b7b4a9731748a7ec9751e869ad4b4ae9c72cf71b2e12dc289bb6e2aee499917f7663f4a735  tor.initd
+2b0de119bfdf9eb57e13317b7392190b1b8272c8f96023c71d3fc29215d887e9a3d0ffcef37cdb50b18d34e4b2251f75a739e258e0bb72aabd3339418b22fd67  tor.confd
+da386ff7e387312e647f04d360517a1f4cb1efbee36f4a3a6feb89a979bb12fa350fe6dfed49af0cb076ae30bb0c527b5d54127683eaa5aa45d6940dddd89dfb  torrc.sample.patch"
diff --git a/community/tor/tor.confd b/community/tor/tor.confd
index 4195bf3237..38a482cac9 100644
--- a/community/tor/tor.confd
+++ b/community/tor/tor.confd
@@ -1,3 +1,13 @@
-#
+# Location of the torrc configuration file.
+#conffile="/etc/tor/torrc"
+
+# User to start the tor daemon.
+# If "User" directive is set in $conffile, then this option is ignored (i.e.
+# tor is started under root, but it setuids to the specified User after start).
+#user="tor"
+
+# Timeout for gracefulstop
+#graceful_timeout="60"
+
 # Set the file limit
 rc_ulimit="-n 30000"
diff --git a/community/tor/tor.initd b/community/tor/tor.initd
index 99ec8ae853..db8b2cff81 100644
--- a/community/tor/tor.initd
+++ b/community/tor/tor.initd
@@ -1,27 +1,23 @@
 #!/sbin/openrc-run
 
-conffile="/etc/tor/torrc"
-pidfile="/run/tor/tor.pid"
-user="${user:-tor}"
-graceful_timeout="${GRACEFUL_TIMEOUT:-60}"
+: ${conffile:="/etc/tor/torrc"}
+: ${user:="tor"}
+: ${graceful_timeout:="${GRACEFUL_TIMEOUT:-60}"}
 
 command="/usr/bin/tor"
-command_args="-f $conffile"
+command_args="-f $conffile --runasdaemon 0"
 command_background="yes"
-start_stop_daemon_args="
-	--user $user
-	--chdir /var/lib/tor
-	--env HOME=/var/lib/tor"
+start_stop_daemon_args="--chdir /var/lib/tor"
+pidfile="/run/tor/tor.pid"
 
-# See bug #523552, and https://trac.torproject.org/projects/tor/ticket/5525
-# Graceful = wait 30 secs or so until all connections are properly closed.
 extra_commands="checkconfig"
-extra_started_commands="graceful gracefulstop reload"
+extra_started_commands="gracefulstop reload"
 
 description="Anonymizing overlay network for TCP"
 description_checkconfig="Check if config file is valid."
 description_reload="Reload the configuration."
-description_gracefulstop="Gracefully stop."
+# See bug #523552, and https://trac.torproject.org/projects/tor/ticket/5525
+description_gracefulstop="Gracefully stop (wait $gracefulstop until all connections are properly closed)."
 
 
 depend() {
@@ -36,15 +32,35 @@ checkconfig() {
 	fi
 
 	# Now verify whether the configuration is valid.
-	if ! $command --verify-config -f "$conffile" 2>&1 1>/dev/null; then
-		eerror "Tor configuration (${conffile}) not valid"
-		$command --verify-config -f "$conffile"
-		return 1
+	# If User directive is set in $conffile, then we must run tor as root,
+	# even --verify-config, otherwise it fails when verifying permissions
+	# of DataDirectory.
+	if conf_has User; then
+		local user="root"
 	fi
+	local out
+	out="$(su -s /bin/sh -c "$command $command_args --verify-config" $user 2>&1)" || {
+		eerror "Tor configuration $conffile is not valid"
+		printf '%s\n' "$out"
+		return 1
+	}
 }
 
 start_pre() {
 	checkconfig || return 1
+
+	# If User directive is set in $conffile, start tor as root and let it
+	# drop privileges itself (may be needed e.g. to bind to a privileged
+	# port). Otherwise run tor as $user (recommended).
+	if conf_has User; then
+		local user="$(conf_get User)"
+	else
+		start_stop_daemon_args="$start_stop_daemon_args --user $user"
+	fi
+
+	if conf_has DataDirectory; then
+		checkpath -d -m 0700 -o "$user" "$(conf_get DataDirectory)"
+	fi
 	checkpath -d -m 0755 -o "$user" "$(dirname "$pidfile")"
 }
 
@@ -66,3 +82,11 @@ reload() {
 	start-stop-daemon --signal HUP --pidfile "$pidfile"
 	eend $?
 }
+
+conf_get() {
+	sed -n "s/^\s*$1 \([^#]*\)/\1/p" "$conffile"
+}
+
+conf_has() {
+	grep -q "^\s*$1 " "$conffile"
+}
diff --git a/community/tor/tor.post-upgrade b/community/tor/tor.post-upgrade
new file mode 100644
index 0000000000..ff00aab782
--- /dev/null
+++ b/community/tor/tor.post-upgrade
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+ver_new="$1"
+ver_old="$2"
+
+if [ "$(apk version -t "$ver_old" "0.2.8.7-r0")" = "<" ]; then
+	cat 1>&2 <<-EOF
+	*
+	* Tor runscript has been updated to start tor under unprivileged user "tor"
+	* by default. If it fails to start due to permissions error, then change owner
+	* of files in the DataDirectory (default is /var/lib/tor) to the tor user:
+	*     chown -R tor /var/lib/tor
+	*
+	* If you need tor to bind a privileged port (e.g. 80), then add "User tor"
+	* to /etc/tor/torrc. Tor will be started under root, but then setuid to the
+	* tor user and drop privileges.
+	*
+	EOF
+fi
+
+exit 0
diff --git a/community/tor/torrc.sample.patch b/community/tor/torrc.sample.patch
new file mode 100644
index 0000000000..3360e9857f
--- /dev/null
+++ b/community/tor/torrc.sample.patch
@@ -0,0 +1,27 @@
+--- a/src/config/torrc.sample.in
++++ b/src/config/torrc.sample.in
+@@ -35,7 +35,7 @@
+ ## may provide sensitive information to an attacker who obtains the logs.
+ ##
+ ## Send all messages of level 'notice' or higher to @LOCALSTATEDIR@/log/tor/notices.log
+-#Log notice file @LOCALSTATEDIR@/log/tor/notices.log
++Log notice file @LOCALSTATEDIR@/log/tor/notices.log
+ ## Send every possible message to @LOCALSTATEDIR@/log/tor/debug.log
+ #Log debug file @LOCALSTATEDIR@/log/tor/debug.log
+ ## Use the system log instead of Tor's logfiles
+@@ -43,14 +43,9 @@
+ ## To send all messages to stderr:
+ #Log debug stderr
+ 
+-## Uncomment this to start the process in the background... or use
+-## --runasdaemon 1 on the command line. This is ignored on Windows;
+-## see the FAQ entry if you want Tor to run as an NT service.
+-#RunAsDaemon 1
+-
+ ## The directory for keeping all the keys/etc. By default, we store
+ ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+-#DataDirectory @LOCALSTATEDIR@/lib/tor
++DataDirectory @LOCALSTATEDIR@/lib/tor
+ 
+ ## The port on which Tor will listen for local connections from Tor
+ ## controller applications, as documented in control-spec.txt.