Merge RPM spec patch from jbash

svn:r2674

Makefile.am

@@ -5,7 +5,7 @@ SUBDIRS = src doc contrib
 
 DIST_SUBDIRS = src doc contrib
 
-EXTRA_DIST = INSTALL README AUTHORS LICENSE ChangeLog
+EXTRA_DIST = INSTALL README AUTHORS LICENSE ChangeLog tor.spec tor.spec.in
 
 #install-data-local:
 #	$(INSTALL) -m 755 -d $(LOCALSTATEDIR)/lib/tor
@@ -21,4 +21,4 @@ dist-rpm: dist
 	mv /tmp/tor-rpm-build/*RPMS/* .
 
 doxygen:
-	doxygen && cd doc/doxygen/latex && make
+	doxygen && cd doc/doxygen/latex && make

configure.in

@@ -239,4 +239,4 @@ CFLAGS="$CFLAGS -Wall -W -Wno-unused-parameter -Wfloat-equal -Wundef -Wpointer-a
 
 echo "confdir: $CONFDIR"
 
-AC_OUTPUT(Makefile contrib/tor.sh contrib/torify contrib/Makefile src/config/torrc.sample doc/tor.1 src/Makefile doc/Makefile doc/design-paper/Makefile src/config/Makefile src/common/Makefile src/or/Makefile src/win32/Makefile src/tools/Makefile)
+AC_OUTPUT(Makefile tor.spec contrib/tor.sh contrib/torify contrib/Makefile src/config/torrc.sample doc/tor.1 src/Makefile doc/Makefile doc/design-paper/Makefile src/config/Makefile src/common/Makefile src/or/Makefile src/win32/Makefile src/tools/Makefile)

contrib/Makefile.am

@@ -1,6 +1,6 @@
 confdir = $(sysconfdir)/tor
 
-EXTRA_DIST = tor-tsocks.conf torify.1 tor.spec
+EXTRA_DIST = tor-tsocks.conf torify.1
 
 conf_DATA = tor-tsocks.conf
 

contrib/tor.sh.in

@@ -10,10 +10,12 @@ TORGROUP=
 TORBIN=@BINDIR@/tor
 TORPID=@LOCALSTATEDIR@/run/tor/tor.pid
 TORLOG=@LOCALSTATEDIR@/log/tor/tor.log
+TORDATA=@LOCALSTATEDIR@/lib/tor
+
 TORCONF=@CONFDIR@/torrc
 # Strictly speaking, we don't need to su if we have --user and --group.
 # "Belt and suspenders," says jbash.
-TORARGS="--pidfile $TORPID --logfile $TORLOG --runasdaemon 1"
+TORARGS="--pidfile $TORPID --logfile $TORLOG --runasdaemon 1 --datadirectory $TORDATA"
 if [ "x$TORUSER" != "x" ]; then
     TORARGS="$TORARGS --user $TORUSER"
 fi
@@ -56,8 +58,8 @@ case "$1" in
             echo " ERROR!"
         fi
     else
-        echo "Unable to kill tor: $TORPID does not exist"
-        RETVAL=1
+        echo "Unable to kill tor: $TORPID does not exist. Assuming already dead."
+        RETVAL=0
     fi
     ;;
 

contrib/tor.spec

@@ -1,150 +0,0 @@
-# TODO:
-# Add /etc/logrotate.d/tor
-# 
-
-%define  blddate %(date -u +"%Y%m%d%H%M")
-
-%define  version       0.0.7
-%define  version_extra rc2
-%define  vepoch        0.1
-%define  tor_version   %{version}%{version_extra}
-# not quite right XXXXX
-%define  release 0.std.%{vepoch}.%{version_extra}
-
-Name: tor
-Version: %{version}
-Release: %{release}
-Summary: Anonymizing overlay network for TCP
-Vendor: R. Dingledine <arma@seul.org>
-Packager: Nick Mathewson <nickm@seul.org>
-License: BSD-like
-Group: Applications/Internet
-URL: http://freehaven.net/tor/
-
-Source0: http://freehaven.net/tor/dist/tor-%{tor_version}.tar.gz
-
-Requires: openssl >= 0.9.6
-BuildRequires: openssl-devel >= 0.9.6
-Requires(pre): shadow-utils, /usr/bin/id, /bin/date, /bin/sh
-Requires(pre): %{_sbindir}/useradd, %{_sbindir}/groupadd
-
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-
-%description
-Tor is a connection-based low-latency anonymous communication system which
-addresses many flaws in the original onion routing design.
-
-In brief, Onion Routing is a connection-oriented anonymizing communication
-service. Users choose a source-routed path through a set of nodes, and
-negotiate a "virtual circuit" through the network, in which each node
-knows its predecessor and successor, but no others. Traffic flowing down
-the circuit is unwrapped by a symmetric key at each node, which reveals
-the downstream node.
-
-Basically Tor provides a distributed network of servers ("onion
-routers"). Users bounce their tcp streams (web traffic, ftp, ssh, etc)
-around the routers, and recipients, observers, and even the routers
-themselves have difficulty tracking the source of the stream.
-
-Note that Tor does no protocol cleaning.  That means there is a danger that
-application protocols and associated programs can be induced to reveal
-information about the initiator.  Tor depends on Privoxy and similar protocol
-cleaners to solve this problem.
-
-Client applications can use the Tor network by connecting to the local
-onion proxy.  If the application itself does not come with socks support
-you can use a socks client such as tsocks.  Some web browsers like mozilla
-and web proxies like privoxy come with socks support, so you don't need an
-extra socks client if you want to use Tor with them.
-
-Remember that this is alpha code, and the network is very small -- Tor will
-not provide anonymity currently.
-
-This package provides the "tor" program, which serves as both a client
-and a relay node. Scripts will automatically create a "tor" user and
-group, set tor up to run as a daemon, and automatically start it at
-installation time.
-
-%prep
-%setup -q -n tor-%{tor_version}
-
-# Patch the startup script to use the right user and group IDs. Force
-# the use of /bin/sh as the shell for the "tor" account.
-ed -s contrib/tor.sh.in << '/EOF/' > /dev/null
-,s/^TORUSER=$/TORUSER=tor/
-,s/^TORGROUP=$/TORGROUP=tor/
-,s:/bin/su:/bin/su -s /bin/sh:
-#
-# Save and exit ed
-w
-q
-/EOF/
-
-%build
-%configure
-%__make
-
-%install
-%makeinstall
-
-# Install init script.
-%__mkdir_p ${RPM_BUILD_ROOT}%{_initrddir}
-%__install -p -m 755 contrib/tor.sh ${RPM_BUILD_ROOT}%{_initrddir}/tor
-
-# Directories that don't have any preinstalled files
-%__mkdir_p -m 700 ${RPM_BUILD_ROOT}%{_localstatedir}/lib/tor
-%__mkdir_p -m 755 ${RPM_BUILD_ROOT}%{_localstatedir}/run/tor
-%__mkdir_p -m 755 ${RPM_BUILD_ROOT}%{_localstatedir}/log/tor
-
-%clean
-[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
-
-%pre
-[ -f %{_initrddir}/tor  ] && /sbin/service tor stop
-if [ ! -n "`/usr/bin/id -g tor 2>/dev/null`" ]; then
-    # One would like to default the GID, but doing that properly would
-    # require thought.
-    %{_sbindir}/groupadd tor 2> /dev/null
-fi
-if [ ! -n "`/usr/bin/id -u tor 2>/dev/null`" ]; then
-    # One would also like to default the UID, but doing that properly would
-    # also require thought.
-    if [ -x /sbin/nologin ]; then
-        %{_sbindir}/useradd -r -g tor -d / -s /sbin/nologin tor 2> /dev/null
-    else
-        %{_sbindir}/useradd -r -g tor -d / -s /bin/false tor 2> /dev/null
-    fi
-fi
-
-%post
-/sbin/chkconfig --add tor
-/sbin/chkconfig tor && /sbin/service tor start
-
-%preun
-/sbin/chkconfig tor && /sbin/service tor stop
-/sbin/chkconfig --del tor
-
-%files
-%defattr(-,root,root)
-%doc AUTHORS INSTALL LICENSE README ChangeLog doc/HACKING doc/TODO doc/FAQ
-#%{_mandir}/man1/tor.1.gz
-#%{_mandir}/man1/torify.1.gz
-%{_mandir}/man*/*
-%{_bindir}/tor
-%{_bindir}/torify
-%config %{_initrddir}/tor
-%dir %{_sysconfdir}/tor/
-%config(noreplace) %{_sysconfdir}/tor/torrc.sample
-%config(noreplace) %{_sysconfdir}/tor/dirservers
-%config(noreplace) %{_sysconfdir}/tor/tor-tsocks.conf
-%attr(0700,tor,tor) %dir %{_localstatedir}/lib/tor
-%attr(0755,tor,tor) %dir %{_localstatedir}/run/tor
-%attr(0755,tor,tor) %dir %{_localstatedir}/log/tor
-
-%changelog
-* Mon Jun 06 2004 Nick Mathewson <nickm@freehaven.net> 0.0.7-0.std.0.1.rc2
-- Make spec file more happy with fc2 packaging 
-
-* Sat Jan 17 2004 John Bashinski <jbash@velvet.com>
-- Basic spec file; tested with Red Hat 9.
-

src/config/torrc.sample.in

@@ -17,23 +17,23 @@ SocksBindAddress 127.0.0.1 # accept connections only from localhost
 # Other choices (not advised) are entry,exit,introduction.
 AllowUnverifiedNodes middle,rendezvous
 
-# By default, we send log messages to stdout.  If you want
-# them to go somewhere else, uncomment one or more of these example
-# configurations.
-### Send all messages of level 'warn' or higher to /var/log/tor/warnings
-#LogFile /var/log/tor/warnings
+# Logs go to stdout unless redirected by something else, like one of
+# the below lines, or --logfile on the command line.
+### Send all messages of level 'warn' or higher to @LOCALSTATEDIR@/log/tor/warnings
+#LogFile @LOCALSTATEDIR@/log/tor/warnings
 #LogLevel warn
-### Send all debug and info messages to /var/log/tor/debug
-#LogFile /var/log/tor/debug
+### Send all debug and info messages to @LOCALSTATEDIR@/log/tor/debug
+#LogFile @LOCALSTATEDIR@/log/tor/debug
 #LogLevel debug-info
-### Send all debug messages ONLY to /var/log/tor/debug
-#LogFile /var/log/tor/debug
+### Send all debug messages ONLY to @LOCALSTATEDIR@/log/tor/debug
+#LogFile @LOCALSTATEDIR@/log/tor/debug
 #LogLevel debug-debug
 ### To use the system log instead of Tor's logfiles, uncomment these lines:
 #SysLog
 #LogLevel notice
 
-# Uncomment this to start the process in the background
+# Uncomment this to start the process in the background... or use
+# --runasdaemon 1 on the command line.
 #RunAsDaemon 1
 
 # The three trusted directory servers on the current Tor network.
@@ -52,11 +52,11 @@ DirServer 62.116.124.106:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
 ## your configuration. See the README for details.
 
 ## The directory for keeping all the keys/etc for this server
-#DataDirectory @LOCALSTATEDIR@/lib/tor
+DataDirectory @LOCALSTATEDIR@/lib/tor
 
-#Nickname moria # A unique handle for this server
-#Address moria.seul.org # The IP or fqdn for this server
-#ContactInfo 1024D/28988BF5 Roger Dingledine <arma@mit.edu>
+#Nickname ididntedithtconfig       # A unique handle for this server
+#Address noname.example.com        # The IP or fqdn for this server
+#ContactInfo 1234D/FFFFFFFF Random Person <nobody@example.com>
 
 #ORPort 9001 # where to listen for tor connections
 # If you want to listen on a port other than the one advertised

tor.spec.in

@@ -0,0 +1,249 @@
+## NOTE: tor.spec is autogenerated from tor.spec.in . Edit the latter,
+## not the former.
+
+## Things that need to be edited frequently
+#
+# This should be incremented whenever the spec file changes, but
+# can drop back to zero at a new Tor version
+
+%define  specver 0
+
+## Things users may want to change
+#
+# User (and group) name under which the Tor daemon runs
+
+%define runuser tordmn
+
+## Version song and dance
+#
+# This should be the Tor version number, as it appears on the tarball,
+# including any "pre<x>" or "rc<y>" suffix. This gets massaged to
+# create the RPM version number, in a way that depends on the Tor
+# numbering scheme.
+%define  native_version       @VERSION@
+
+# Massage the version so that pre-releases will be treated as earlier
+# than release candidates which will be treated as earlier than released
+# versions... while making as few confusing changes to the standard
+# release naming as possible.
+# XXXX009 Execept that handling cvs breaks this.
+%define version %(echo %{native_version} | sed 's/-cvs/.cvs/' -e 's/pre/.pre./' -e 's/rc/.rc./' -e 's/([0-9])$/\1.release/')
+
+## Release and OS identification song and dance
+#
+# This identifies the lineage of the spec file. This file is the
+# standard one that comes with Tor; various distributions may
+# have their own ideas about the right ways to do things.
+%define pkgspec tor
+
+# This spec is intended to build and install on multiple distributions.
+# Detect the distribution we're building on.
+
+%define is_rh   %(test -e /etc/redhat-release && echo 1 || echo 0)
+%define is_fc   %(test -e /etc/fedora-release && echo 1 || echo 0)
+%define is_mdk  %(test -e /etc/mandrake-release && echo 1 || echo 0)
+%define is_suse %(test -e /etc/SuSE-release && echo 1 || echo 0)
+
+%if %{is_fc}
+%define ostag %(sed -e 's/^.*release /fc/' -e 's/ .*$//' -e 's/\\./_/g' < /etc/fedora-release)
+%endif
+
+%if %{is_rh}
+%define ostag %(sed -e 's/^.*release /rh/' -e 's/ .*$//' -e 's/\\./_/g' < /etc/redhat-release)
+%endif
+
+# These are probably wrong... just placeholders should we actually
+# end up supporting these distributions
+
+%if %{is_mdk}
+%define ostag mdk
+%endif
+
+%if %{is_suse}
+%define ostag suse
+%endif
+
+# Using the build date ensures that every build really does get
+# a different release number.
+%define  blddate %(date -u +"%Y%m%d%H%M")
+
+# ... and here it is.
+%define release %{pkgspec}.%{specver}.%{ostag}.%{blddate}
+
+## General-purpose macros
+#
+# Some systems don't have some macros. If a macro doesn't seem
+# to exist on your system, add it here...
+
+%if %{!?__make:1}%{?__make:0}
+%define __make make
+%endif
+
+%if %{!?make:1}%{?make:0}
+%define make %{__make}
+%endif
+
+%if %{!?_localstatedir:1}%{?_localstatedir:0}
+%define _localstatedir @LOCALSTATEDIR@
+%endif
+
+## Package information
+#
+Name: tor
+Version: %{version}
+Release: %{release}
+
+Summary: Anonymizing overlay network for TCP (The onion router)
+URL: http://freehaven.net/%{name}/
+Group: System Environment/Daemons
+
+License: BSD-like
+Vendor: R. Dingledine <arma@seul.org>
+Packager: Nick Mathewson <nickm@seul.org>
+
+Requires: openssl >= 0.9.6
+BuildRequires: openssl-devel >= 0.9.6, rpm-build >= 4.0
+Requires(pre): shadow-utils, /usr/bin/id, /bin/date, /bin/sh
+Requires(pre): %{_sbindir}/useradd, %{_sbindir}/groupadd
+
+Source0: http://freehaven.net/%{name}/dist/%{name}-%{native_version}.tar.gz
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+
+%description
+Tor is a connection-based low-latency anonymous communication system.
+
+This package provides the "tor" program, which serves as both a client and
+a relay node. Scripts will automatically create a "%{runuser}" user and
+group, and set tor up to run as a daemon when the system is rebooted.
+
+Clients connect to their local Tor servers using the SOCKS5
+protocol. The local server chooses a path through a set of relays, in
+which each relay knows its predecessor and successor, but no
+others. Traffic flowing down the circuit is unwrapped by a symmetric
+key at each relay, which reveals the downstream node.
+
+Warnings: Tor does no protocol cleaning.  That means there is a danger
+that application protocols and associated programs can be induced to
+reveal information about the initiator. Tor depends on Privoxy and
+similar protocol cleaners to solve this problem. This is alpha code,
+and is even more likely than released code to have anonymity-spoiling
+bugs. The present network is very small -- this further reduces the
+strength of the anonymity provided. Tor is not presently suitable
+for high-stakes anonymity.
+
+%prep
+%setup -q -n %{name}-%{native_version}
+
+# Patch the startup script to use the right user and group IDs. Force
+# the use of /bin/sh as the shell for the "tor" account.
+ed -s contrib/tor.sh.in << '/EOF/' > /dev/null
+,s/^TORUSER=$/TORUSER=%{runuser}/
+,s/^TORGROUP=$/TORGROUP=%{runuser}/
+,s:/bin/su:/bin/su -s /bin/sh:
+#
+# Save and exit ed
+w
+q
+/EOF/
+
+%build
+%configure
+%make
+
+%install
+%makeinstall
+
+# Install init script.
+%__mkdir_p ${RPM_BUILD_ROOT}%{_initrddir}
+%__install -p -m 755 contrib/tor.sh ${RPM_BUILD_ROOT}%{_initrddir}/%{name}
+
+# Set up config file; "sample" file implements a basic user node.
+%__install -p -m 644 ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/torrc.sample ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/torrc
+
+# Create a logrotate file. This should really be a source file,
+# but hey...
+%__mkdir_p -m 755 ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d
+%__cat > ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name} << /EOF/
+%{_localstatedir}/log/%{name} {
+    missingok
+    notifempty
+    sharedscripts
+}
+/EOF/
+
+# Directories that don't have any preinstalled files
+%__mkdir_p -m 700 ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{name}
+%__mkdir_p -m 755 ${RPM_BUILD_ROOT}%{_localstatedir}/run/%{name}
+%__mkdir_p -m 755 ${RPM_BUILD_ROOT}%{_localstatedir}/log/%{name}
+
+%clean
+[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
+
+# These scripts are probably wrong for Mandrake or SuSe. They're certainly
+# wrong for Debian, but what are you doing using RPM on Debian?
+%pre
+[ -f %{_initrddir}/%{name}  ] && /sbin/service %{name} stop
+if [ ! -n "`/usr/bin/id -g %{runuser} 2>/dev/null`" ]; then
+    # One would like to default the GID, but doing that properly would
+    # require thought.
+    %{_sbindir}/groupadd %{runuser} 2> /dev/null
+fi
+if [ ! -n "`/usr/bin/id -u %{runuser} 2>/dev/null`" ]; then
+    # One would also like to default the UID, but doing that properly would
+    # also require thought.
+    if [ -x /sbin/nologin ]; then
+        %{_sbindir}/useradd -r -g %{runuser} -d / -s /sbin/nologin %{runuser} 2> /dev/null
+    else
+        %{_sbindir}/useradd -r -g %{runuser} -d / -s /bin/false %{runuser} 2> /dev/null
+    fi
+fi
+exit 0
+
+%post
+/sbin/chkconfig --add %{name}
+exit 0
+
+%preun
+/sbin/chkconfig --del %{name}
+exit 0
+
+%files
+%defattr(-,root,root)
+%doc AUTHORS INSTALL LICENSE README ChangeLog doc/HACKING doc/TODO doc/FAQ
+%{_mandir}/man*/*
+%{_bindir}/tor
+%{_bindir}/torify
+%{_bindir}/tor-resolve
+%config %{_initrddir}/%{name}
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/logrotate.d/%{name}
+%dir %attr(0750,root,%{runuser}) %{_sysconfdir}/%{name}/
+%config(noreplace) %attr(0640,root,%{runuser}) %{_sysconfdir}/%{name}/*
+%attr(0700,%{runuser},%{runuser}) %dir %{_localstatedir}/lib/%{name}
+%attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/run/%{name}
+%attr(0750,%{runuser},%{runuser}) %dir %{_localstatedir}/log/%{name}
+
+%changelog
+* Tue Nov  5 2004 John Bashinski <jbash@velvet.com>
+- Add skeletal support for multiple distributions
+- Even more ridiculous level of macro-ization
+- Modify version numbers so RPM can determine when it has a newer version
+- Return to including distribution name in package release number
+- Sharply trim description
+- Change user/group name from "tor" to "tordmn"; "tor" is a common
+  given name (reported by Marius Hjelle)
+- Change group to "System Environment/Daemons" (suggested by Marius Hjelle)
+- Create logrotate file (suggested by Marius Hjelle)
+- Make Tor run as a user proxy by default (suggested by Marius Hjelle)
+- Autogenerate spec file from GNU autotools data, substituting version
+  and whatnot
+- Be perhaps excessively paranoid with config file and directory modes
+- Remove auto-start and auto-stop at installation time; there's some kind
+  of weird race going on, and it's arguably a bad thing anyway.
+
+* Mon Jun 06 2004 Nick Mathewson <nickm@freehaven.net> 0.0.7-0.std.0.1.rc2
+- Make spec file more happy with fc2 packaging 
+
+* Sat Jan 17 2004 John Bashinski <jbash@velvet.com>
+- Basic spec file; tested with Red Hat 9.
+