[or-cvs] r11611: Use Tor cookie authentication. Backported patch from Tor tru (in incognito/trunk: . portage.overlay/net-misc/tor portage.overlay/net-misc/tor/files root_overlay/etc/conf.d root_overlay/etc/init.d root_overlay/etc/tor)
double at seul.org
double at seul.org
Mon Sep 24 18:10:28 UTC 2007
Author: double
Date: 2007-09-24 14:10:28 -0400 (Mon, 24 Sep 2007)
New Revision: 11611
Added:
incognito/trunk/portage.overlay/net-misc/tor/files/digest-tor-0.1.2.17-r1
incognito/trunk/portage.overlay/net-misc/tor/files/tor-cookieperm.patch
incognito/trunk/portage.overlay/net-misc/tor/tor-0.1.2.17-r1.ebuild
Removed:
incognito/trunk/portage.overlay/net-misc/tor/files/digest-tor-0.1.2.17
incognito/trunk/portage.overlay/net-misc/tor/tor-0.1.2.17.ebuild
Modified:
incognito/trunk/ChangeLog
incognito/trunk/TODO
incognito/trunk/fsscript.sh
incognito/trunk/portage.overlay/net-misc/tor/Manifest
incognito/trunk/root_overlay/etc/conf.d/dns-proxy-tor
incognito/trunk/root_overlay/etc/init.d/external-config-setup
incognito/trunk/root_overlay/etc/tor/torrc
Log:
Use Tor cookie authentication. Backported patch from Tor trunk.
Modified: incognito/trunk/ChangeLog
===================================================================
--- incognito/trunk/ChangeLog 2007-09-24 17:01:19 UTC (rev 11610)
+++ incognito/trunk/ChangeLog 2007-09-24 18:10:28 UTC (rev 11611)
@@ -11,6 +11,7 @@
to use dhcp because that is what NetworkManager requires.
- Add video driver fall back to VESA for video cards that are not
supported by a card specific driver.
+ - Use cookie authentication with Tor (more secure). Vidalia works again.
- Clean up task bar and background.
- Upgrade mixminion to 0.0.8 alpha3.
- Upgrade Firefox to 2.0.0.7.
Modified: incognito/trunk/TODO
===================================================================
--- incognito/trunk/TODO 2007-09-24 17:01:19 UTC (rev 11610)
+++ incognito/trunk/TODO 2007-09-24 18:10:28 UTC (rev 11611)
@@ -3,8 +3,6 @@
spec (the detail to build your own)
impl (here's how we did it)
-- Change controllers (TorK, Vidalia) to use cookie authentication when CookieAuthFile, etc. config are available
-
- Verify security
Need some people to verify the software and configuration choices.
Modified: incognito/trunk/fsscript.sh
===================================================================
--- incognito/trunk/fsscript.sh 2007-09-24 17:01:19 UTC (rev 11610)
+++ incognito/trunk/fsscript.sh 2007-09-24 18:10:28 UTC (rev 11611)
@@ -78,7 +78,9 @@
mkdir -p $USERDIR/.kde3.5/share/apps/konqueror
mv $USERDIR/.kde3.5/share/config/bookmarks.xml $USERDIR/.kde3.5/share/apps/konqueror/
- [[ -x /usr/kde/3.5/bin/knetworkmanager ]] && ( mkdir -p $USERDIR/.kde3.5/Autostart ; ln -s /usr/kde/3.5/bin/knetworkmanager $USERDIR/.kde3.5/Autostart )
+ [[ -x /usr/kde/3.5/bin/knetworkmanager ]] && KNETNM="/usr/kde/3.5/bin/knetworkmanager"
+ [[ -x /usr/bin/knetworkmanager ]] && KNETNM="/usr/bin/knetworkmanager"
+ [[ -n "${KNETNM}" ]] && ( mkdir -p $USERDIR/.kde3.5/Autostart ; ln -s "${KNETNM}" $USERDIR/.kde3.5/Autostart )
fi
# Fluxbox config
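Review bot: `KNETNM` is never initialised before the two `[[ -x … ]]` tests, so a value inherited from the environment or left over from an earlier pass through this code makes the final `[[ -n "${KNETNM}" ]]` succeed even when neither binary exists; put `KNETNM=""` ahead of the tests. `$USERDIR` is left unquoted in the `mkdir`/`ln -s` subshell while `"${KNETNM}"` is quoted. `ln -s` fails if the link is already present, which `ln -sf` would avoid. The enclosing `if` block starts outside the hunk.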
@@ -178,6 +180,15 @@
# Tor NICK
echo "Nickname incognito`date | md5sum | cut -b 1-10`" >> /etc/tor/torrc
+# Tor Cookie store
+mkdir -p /var/tor
+chown tor:tor /var/tor
+chmod 0770 /var/tor
+mkdir /home/gentoo/.tor
+chmod 0700 /home/gentoo/.tor
+chown gentoo:gentoo /home/gentoo/.tor
+ln -s /var/tor/control_auth_cookie /home/gentoo/.tor/control_auth_cookie
+
# Ensure correct user dir permissions
for USERDIR in /home/*; do
chown -R ${USERDIR/\/home\//}:users $USERDIR
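Review bot: `chmod 0770 /var/tor` gives every member of group tor write access to the directory that holds the control-port cookie, so a group member can delete or replace `control_auth_cookie` rather than only read it. Reading it through the symlink needs just search permission on the directory, so `chmod 0750 /var/tor` looks sufficient unless something outside this hunk has to write there. Nothing visible here puts user gentoo (or whatever account dns-proxy-tor runs as) into group tor, which both the 0640 cookie and this directory mode require; if that happens elsewhere, a comment such as `# gentoo must be in group tor to read the cookie` would help. The `chown gentoo:gentoo /home/gentoo/.tor` is then overridden by the `chown -R …:users` loop that follows, whose body continues outside the hunk.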
@@ -198,7 +209,7 @@
find /var/db/pkg -name "CONTENTS" | xargs cat | grep "/\.keep" | awk '{print $2}' | xargs rm -f
-#echo "Removing dandling links"
+#echo "Removing dangling links"
#symlinks -dr /
# Make netstat SUID root so user programs such as TorK can monitor the network
Modified: incognito/trunk/portage.overlay/net-misc/tor/Manifest
===================================================================
--- incognito/trunk/portage.overlay/net-misc/tor/Manifest 2007-09-24 17:01:19 UTC (rev 11610)
+++ incognito/trunk/portage.overlay/net-misc/tor/Manifest 2007-09-24 18:10:28 UTC (rev 11611)
@@ -1,3 +1,7 @@
+AUX tor-cookieperm.patch 5965 RMD160 204210f32b06b32cba13048f3c61346cdd093c3b SHA1 38cf78fb133e08da0762ed383ab7bb01ef8207b3 SHA256 8ab7993895ab8bb87ddf317e4d1660d1e13ef605bc9cfe5bae6abb134d8b5c21
+MD5 55188b0091b0b272aea93499daa0c63e files/tor-cookieperm.patch 5965
+RMD160 204210f32b06b32cba13048f3c61346cdd093c3b files/tor-cookieperm.patch 5965
+SHA256 8ab7993895ab8bb87ddf317e4d1660d1e13ef605bc9cfe5bae6abb134d8b5c21 files/tor-cookieperm.patch 5965
AUX tor.initd-r2 1494 RMD160 56ac023f10e4a170daa8ec29c854968e1320107c SHA1 e76e069ce828c2a21cef0450033056d8e4e604dd SHA256 51fd05cb4c079fcb392459d066a7505de9f57f9f10b7ad5b274edcd1fe9cd1e4
MD5 560d45ac7d56dda6c184f93c13124329 files/tor.initd-r2 1494
RMD160 56ac023f10e4a170daa8ec29c854968e1320107c files/tor.initd-r2 1494
@@ -11,10 +15,10 @@
RMD160 3656774f05abe54ec22a121954a1d437fe1da520 files/torrc.sample-0.1.2.6.patch 1145
SHA256 5b94e1d8c097626402b0b388fefb15f11b95db112b23d358e04cfe55331911f1 files/torrc.sample-0.1.2.6.patch 1145
DIST tor-0.1.2.17.tar.gz 1251636 RMD160 7ec316cdcc57ab5e817af1dcda913438b332f7e3 SHA1 01092fb75c407b5c1d7f33db069cf7641973d94d SHA256 fc0fb0c2891ae09854a69512c6b4988964f2eaf62ce80ed6644cb21f87f6056a
-EBUILD tor-0.1.2.17.ebuild 1640 RMD160 99cabef17b666c986c7359c427a77cfe9d804815 SHA1 1c1b49bc5f622fda8d4e34403658675307e02e8b SHA256 d29d963941e231a373ec8068e7bd73dcf4ec3fcf9f93e9da3a627b3dcc90a7e2
-MD5 1122217594d4c853cf12e42842115cd2 tor-0.1.2.17.ebuild 1640
-RMD160 99cabef17b666c986c7359c427a77cfe9d804815 tor-0.1.2.17.ebuild 1640
-SHA256 d29d963941e231a373ec8068e7bd73dcf4ec3fcf9f93e9da3a627b3dcc90a7e2 tor-0.1.2.17.ebuild 1640
-MD5 4a8ab56f90fdc58af64409df7f710d8e files/digest-tor-0.1.2.17 241
-RMD160 e8486d532666624486b2aa7691c5af4a191ddfbc files/digest-tor-0.1.2.17 241
-SHA256 81eb13f4b0a8d6799d16cc9e197296fffc13bb27e024dfeff3cbe6613105d171 files/digest-tor-0.1.2.17 241
+EBUILD tor-0.1.2.17-r1.ebuild 1683 RMD160 736b99e19ee254978b2cfb4695f36cc9f6133148 SHA1 72a94c3865ca4e54b404297e3f61f319c41e390c SHA256 569d63f95506beef05ef1c61c0fde20f0c3d61b0711681dc012f979b8b7e7bac
+MD5 d35f3240789a3779a8e8437a5e5a6ebd tor-0.1.2.17-r1.ebuild 1683
+RMD160 736b99e19ee254978b2cfb4695f36cc9f6133148 tor-0.1.2.17-r1.ebuild 1683
+SHA256 569d63f95506beef05ef1c61c0fde20f0c3d61b0711681dc012f979b8b7e7bac tor-0.1.2.17-r1.ebuild 1683
+MD5 4a8ab56f90fdc58af64409df7f710d8e files/digest-tor-0.1.2.17-r1 241
+RMD160 e8486d532666624486b2aa7691c5af4a191ddfbc files/digest-tor-0.1.2.17-r1 241
+SHA256 81eb13f4b0a8d6799d16cc9e197296fffc13bb27e024dfeff3cbe6613105d171 files/digest-tor-0.1.2.17-r1 241
Deleted: incognito/trunk/portage.overlay/net-misc/tor/files/digest-tor-0.1.2.17
===================================================================
--- incognito/trunk/portage.overlay/net-misc/tor/files/digest-tor-0.1.2.17 2007-09-24 17:01:19 UTC (rev 11610)
+++ incognito/trunk/portage.overlay/net-misc/tor/files/digest-tor-0.1.2.17 2007-09-24 18:10:28 UTC (rev 11611)
@@ -1,3 +0,0 @@
-MD5 ef8fc7f45d167875c337063d437c9832 tor-0.1.2.17.tar.gz 1251636
-RMD160 7ec316cdcc57ab5e817af1dcda913438b332f7e3 tor-0.1.2.17.tar.gz 1251636
-SHA256 fc0fb0c2891ae09854a69512c6b4988964f2eaf62ce80ed6644cb21f87f6056a tor-0.1.2.17.tar.gz 1251636
Added: incognito/trunk/portage.overlay/net-misc/tor/files/digest-tor-0.1.2.17-r1
===================================================================
--- incognito/trunk/portage.overlay/net-misc/tor/files/digest-tor-0.1.2.17-r1 (rev 0)
+++ incognito/trunk/portage.overlay/net-misc/tor/files/digest-tor-0.1.2.17-r1 2007-09-24 18:10:28 UTC (rev 11611)
@@ -0,0 +1,3 @@
+MD5 ef8fc7f45d167875c337063d437c9832 tor-0.1.2.17.tar.gz 1251636
+RMD160 7ec316cdcc57ab5e817af1dcda913438b332f7e3 tor-0.1.2.17.tar.gz 1251636
+SHA256 fc0fb0c2891ae09854a69512c6b4988964f2eaf62ce80ed6644cb21f87f6056a tor-0.1.2.17.tar.gz 1251636
Added: incognito/trunk/portage.overlay/net-misc/tor/files/tor-cookieperm.patch
===================================================================
--- incognito/trunk/portage.overlay/net-misc/tor/files/tor-cookieperm.patch (rev 0)
+++ incognito/trunk/portage.overlay/net-misc/tor/files/tor-cookieperm.patch 2007-09-24 18:10:28 UTC (rev 11611)
@@ -0,0 +1,131 @@
+diff -ur tor-0.1.2.17.orig/ChangeLog tor-0.1.2.17/ChangeLog
+--- tor-0.1.2.17.orig/ChangeLog 2007-08-29 03:29:21.000000000 -0500
++++ tor-0.1.2.17/ChangeLog 2007-09-24 04:27:30.000000000 -0500
+@@ -20,12 +20,19 @@
+ they've been around longer than SocksTimeout. Right now there are
+ some cases where the stream will live forever, demanding a new
+ circuit every 15 seconds. Fixes bug 454; reported by lodger.
++ - Stop putting the authentication cookie in a file called "0"
++ in your working directory if you don't specify anything for the
++ new CookieAuthFile option. Reported by Matt Edman.
++
+
+ o Minor features (controller):
+ - Add a PROTOCOLINFO controller command. Like AUTHENTICATE, it
+ is valid before any authentication has been received. It tells
+ a controller what kind of authentication is expected, and what
+ protocol is spoken. Implements proposal 119.
++ - Implement options to allow the controller to pick a new location for
++ the cookie authentication file, and to make it group-readable.
++
+
+ o Minor bugfixes (performance):
+ - Save on most routerlist_assert_ok() calls in routerlist.c, thus
+Only in tor-0.1.2.17: ChangeLog.orig
+diff -ur tor-0.1.2.17.orig/doc/tor.1.in tor-0.1.2.17/doc/tor.1.in
+--- tor-0.1.2.17.orig/doc/tor.1.in 2007-05-24 19:51:42.000000000 -0500
++++ tor-0.1.2.17/doc/tor.1.in 2007-09-24 04:26:21.000000000 -0500
+@@ -119,10 +119,23 @@
+ If this option is set to 1, don't allow any connections on the control port
+ except when the connecting process knows the contents of a file named
+ "control_auth_cookie", which Tor will create in its data directory. This
+-authentication methods should only be used on systems with good filesystem
++authentication method should only be used on systems with good filesystem
+ security. (Default: 0)
+ .LP
+ .TP
++\fBCookieAuthFile \fR\fIPath\fP
++If set, this option overrides the default location and file name for Tor's
++cookie file. (See CookieAuthentication above.)
++.LP
++.TP
++\fBCookieAuthFileGroupReadable \fR\fB0\fR|\fB1\R|\fIGroupName\fP
++If this option is set to 0, don't allow the filesystem group to read
++the cookie file. If the option is set to 1, make the cookie file
++readable by the default GID. [Making the file readable by other
++groups is not yet implemented; let us know if you need this for some
++reason.] (Default: 0).
++.LP
++.TP
+ \fBDataDirectory \fR\fIDIR\fP
+ Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
+ .LP
+@@ -1057,7 +1070,10 @@
+ .LP
+ .TP
+ .B \fIDataDirectory\fP/control_auth_cookie
+-Used for cookie authentication with the controller. Regenerated on startup. See control-spec.txt for details. Only used when cookie authentication is enabled.
++Used for cookie authentication with the controller. Location can be
++overridden by the CookieAuthFile config option. Regenerated on startup.
++See control-spec.txt for details. Only used when cookie authentication
++is enabled.
+ .LP
+ .TP
+ .B \fIDataDirectory\fP/keys/*
+Only in tor-0.1.2.17/doc: tor.1.in.orig
+diff -ur tor-0.1.2.17.orig/src/or/config.c tor-0.1.2.17/src/or/config.c
+--- tor-0.1.2.17.orig/src/or/config.c 2007-08-25 16:42:32.000000000 -0500
++++ tor-0.1.2.17/src/or/config.c 2007-09-24 04:26:21.000000000 -0500
+@@ -143,6 +143,8 @@
+ VAR("ControlListenAddress",LINELIST, ControlListenAddress, NULL),
+ VAR("ControlPort", UINT, ControlPort, "0"),
+ VAR("CookieAuthentication",BOOL, CookieAuthentication, "0"),
++ VAR("CookieAuthFileGroupReadable",BOOL,CookieAuthFileGroupReadable, "0"),
++ VAR("CookieAuthFile", STRING, CookieAuthFile, "0"),
+ VAR("DataDirectory", STRING, DataDirectory, NULL),
+ OBSOLETE("DebugLogFile"),
+ VAR("DirAllowPrivateAddresses",BOOL, DirAllowPrivateAddresses, NULL),
+Only in tor-0.1.2.17/src/or: config.c.orig
+diff -ur tor-0.1.2.17.orig/src/or/control.c tor-0.1.2.17/src/or/control.c
+--- tor-0.1.2.17.orig/src/or/control.c 2007-08-22 02:59:58.000000000 -0500
++++ tor-0.1.2.17/src/or/control.c 2007-09-24 04:25:26.000000000 -0500
+@@ -3301,11 +3301,16 @@
+ static char *
+ get_cookie_file(void)
+ {
+- const char *datadir = get_options()->DataDirectory;
+- size_t len = strlen(datadir)+64;
+- char *fname = tor_malloc(len);
+- tor_snprintf(fname, len, "%s"PATH_SEPARATOR"control_auth_cookie", datadir);
+- return fname;
++ or_options_t *options = get_options();
++ if (options->CookieAuthFile && strlen(options->CookieAuthFile)) {
++ return tor_strdup(options->CookieAuthFile);
++ } else {
++ const char *datadir = get_options()->DataDirectory;
++ size_t len = strlen(datadir)+64;
++ char *fname = tor_malloc(len);
++ tor_snprintf(fname, len, "%s"PATH_SEPARATOR"control_auth_cookie", datadir);
++ return fname;
++ }
+ }
+
+ /** Choose a random authentication cookie and write it to disk.
+@@ -3335,6 +3340,13 @@
+ tor_free(fname);
+ return -1;
+ }
++#ifndef MS_WINDOWS
++ if (get_options()->CookieAuthFileGroupReadable) {
++ if (chmod(fname, 0640)) {
++ log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname));
++ }
++ }
++#endif
+
+ tor_free(fname);
+ return 0;
+Only in tor-0.1.2.17/src/or: control.c.orig
+diff -ur tor-0.1.2.17.orig/src/or/or.h tor-0.1.2.17/src/or/or.h
+--- tor-0.1.2.17.orig/src/or/or.h 2007-08-25 16:42:32.000000000 -0500
++++ tor-0.1.2.17/src/or/or.h 2007-09-24 04:25:26.000000000 -0500
+@@ -1752,6 +1752,8 @@
+ * the control system. */
+ int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for
+ * the control system? */
++ char *CookieAuthFile; /**< Location of a cookie authentication file. */
++ int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
+ int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
+ * circuits itself (0), or does it expect a controller
+ * to cope? (1) */
+Only in tor-0.1.2.17/src/or: or.h.orig
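Review bot: The `config.c` part of this patch registers `CookieAuthFile` with the default string `"0"`, and `get_cookie_file()` in `control.c` treats any non-empty `CookieAuthFile` as the cookie path, so a Tor run with cookie authentication enabled but without that option would write the cookie to a file named `0` in its working directory, which is the behaviour the patch's own ChangeLog entry says was stopped. The default should be `VAR("CookieAuthFile", STRING, CookieAuthFile, NULL),`. The torrc in this commit sets the option explicitly, so the shipped configuration is not affected, but the patched package is for anyone using a different torrc. A failing `chmod(fname, 0640)` is only logged, which leaves controllers unable to read the cookie without any startup error, and `\fB1\R` in the man page text looks like a typo for `\fB1\fR`.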
Copied: incognito/trunk/portage.overlay/net-misc/tor/tor-0.1.2.17-r1.ebuild (from rev 11560, incognito/trunk/portage.overlay/net-misc/tor/tor-0.1.2.17.ebuild)
===================================================================
--- incognito/trunk/portage.overlay/net-misc/tor/tor-0.1.2.17-r1.ebuild (rev 0)
+++ incognito/trunk/portage.overlay/net-misc/tor/tor-0.1.2.17-r1.ebuild 2007-09-24 18:10:28 UTC (rev 11611)
@@ -0,0 +1,67 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/tor/tor-0.1.2.14.ebuild,v 1.4 2007/05/31 14:32:18 ranger Exp $
+
+inherit eutils
+
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="http://tor.eff.org"
+MY_PV=${PV/_/-}
+SRC_URI="http://tor.eff.org/dist/${PN}-${MY_PV}.tar.gz"
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ppc64 sparc x86 ~x86-fbsd"
+IUSE="debug"
+
+DEPEND="dev-libs/openssl
+ >=dev-libs/libevent-1.2"
+RDEPEND="${DEPEND}
+ net-proxy/tsocks"
+
+pkg_setup() {
+ enewgroup tor
+ enewuser tor -1 -1 /var/lib/tor tor
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/torrc.sample-0.1.2.6.patch
+ epatch "${FILESDIR}"/tor.logrotate.patch
+ epatch "${FILESDIR}"/tor-cookieperm.patch
+}
+
+src_compile() {
+ econf $(use_enable debug)
+ emake || die "emake failed"
+}
+
+src_install() {
+ newinitd "${FILESDIR}"/tor.initd-r2 tor
+ emake DESTDIR="${D}" install || die
+ keepdir /var/{lib,log,run}/tor
+
+ dodoc README ChangeLog AUTHORS ReleaseNotes \
+ doc/{HACKING,TODO} \
+ doc/spec/*.txt
+
+ fperms 750 /var/lib/tor /var/log/tor
+ fperms 755 /var/run/tor
+ fowners tor:tor /var/lib/tor /var/log/tor /var/run/tor
+
+ sed -i -e "s:/lib::" \
+ -e "s:/rc.d::" \
+ -e "s:\\*:\\*.:" contrib/tor.logrotate
+ insinto /etc/logrotate.d
+ newins contrib/tor.logrotate tor
+}
+
+pkg_postinst() {
+ elog "You must create /etc/tor/torrc, you can use the sample that is in that directory"
+ elog "To have privoxy and tor working together you must add:"
+ elog "forward-socks4a / localhost:9050 ."
+ elog "(notice the . at the end of the line)"
+ elog "to /etc/privoxy/config"
+}
Deleted: incognito/trunk/portage.overlay/net-misc/tor/tor-0.1.2.17.ebuild
===================================================================
--- incognito/trunk/portage.overlay/net-misc/tor/tor-0.1.2.17.ebuild 2007-09-24 17:01:19 UTC (rev 11610)
+++ incognito/trunk/portage.overlay/net-misc/tor/tor-0.1.2.17.ebuild 2007-09-24 18:10:28 UTC (rev 11611)
@@ -1,66 +0,0 @@
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/tor/tor-0.1.2.14.ebuild,v 1.4 2007/05/31 14:32:18 ranger Exp $
-
-inherit eutils
-
-DESCRIPTION="Anonymizing overlay network for TCP"
-HOMEPAGE="http://tor.eff.org"
-MY_PV=${PV/_/-}
-SRC_URI="http://tor.eff.org/dist/${PN}-${MY_PV}.tar.gz"
-S="${WORKDIR}/${PN}-${MY_PV}"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="~amd64 ~ppc ppc64 sparc x86 ~x86-fbsd"
-IUSE="debug"
-
-DEPEND="dev-libs/openssl
- >=dev-libs/libevent-1.2"
-RDEPEND="${DEPEND}
- net-proxy/tsocks"
-
-pkg_setup() {
- enewgroup tor
- enewuser tor -1 -1 /var/lib/tor tor
-}
-
-src_unpack() {
- unpack ${A}
- cd "${S}"
- epatch "${FILESDIR}"/torrc.sample-0.1.2.6.patch
- epatch "${FILESDIR}"/tor.logrotate.patch
-}
-
-src_compile() {
- econf $(use_enable debug)
- emake || die "emake failed"
-}
-
-src_install() {
- newinitd "${FILESDIR}"/tor.initd-r2 tor
- emake DESTDIR="${D}" install || die
- keepdir /var/{lib,log,run}/tor
-
- dodoc README ChangeLog AUTHORS ReleaseNotes \
- doc/{HACKING,TODO} \
- doc/spec/*.txt
-
- fperms 750 /var/lib/tor /var/log/tor
- fperms 755 /var/run/tor
- fowners tor:tor /var/lib/tor /var/log/tor /var/run/tor
-
- sed -i -e "s:/lib::" \
- -e "s:/rc.d::" \
- -e "s:\\*:\\*.:" contrib/tor.logrotate
- insinto /etc/logrotate.d
- newins contrib/tor.logrotate tor
-}
-
-pkg_postinst() {
- elog "You must create /etc/tor/torrc, you can use the sample that is in that directory"
- elog "To have privoxy and tor working together you must add:"
- elog "forward-socks4a / localhost:9050 ."
- elog "(notice the . at the end of the line)"
- elog "to /etc/privoxy/config"
-}
Modified: incognito/trunk/root_overlay/etc/conf.d/dns-proxy-tor
===================================================================
--- incognito/trunk/root_overlay/etc/conf.d/dns-proxy-tor 2007-09-24 17:01:19 UTC (rev 11610)
+++ incognito/trunk/root_overlay/etc/conf.d/dns-proxy-tor 2007-09-24 18:10:28 UTC (rev 11611)
@@ -13,7 +13,7 @@
TOR_ADDRESS="127.0.0.1:9051"
# Tor CookieAuthentication directory. See perldoc.
-#TOR_COOKIE_AUTH=""
+TOR_COOKIE_AUTH="/var/tor"
# Password specified in torrc using HashedControlPassword
#TOR_PASSWORD=""
Modified: incognito/trunk/root_overlay/etc/init.d/external-config-setup
===================================================================
--- incognito/trunk/root_overlay/etc/init.d/external-config-setup 2007-09-24 17:01:19 UTC (rev 11610)
+++ incognito/trunk/root_overlay/etc/init.d/external-config-setup 2007-09-24 18:10:28 UTC (rev 11611)
@@ -145,53 +145,6 @@
CD_DEV="$(eject -n | sed 's:.*\(/dev/[A-Za-z0-9]*\).*:\1:')"
[[ ! -f /var/state/boot-media-home ]] && grep docache /proc/cmdline >/dev/null && [[ -n "${CD_DEV}" ]] && grep "${CD_DEV}" /proc/mounts >/dev/null && eject
- # Setup password for Tor control port
- ebegin "Securing Tor control port"
- TOR_PW=""
- TORKRC="/home/gentoo/.kde3.5/share/config/torkrc"
- VIDALIACONF="/home/gentoo/.vidalia/vidalia.conf"
- TOR_NEW_PW=1
- # See if the user set a password in an existing config
- [[ -r "${TORKRC}" ]] && TOR_PW="$(grep HashedControlPassword ${TORKRC} | cut -d = -f 2)" && TOR_NEW_PW=0
- if [[ -r "${VIDALIACONF}" ]]; then
- if [[ -r "${TORKRC}" ]]; then
- if [[ "${VIDALIACONF}" -nt "${TORKRC}" ]]; then
- TOR_PW="$(grep ControlPassword ${VIDALIACONF} | cut -d = -f 2)" && TOR_NEW_PW=0
- fi
- else
- TOR_PW="$(grep ControlPassword ${VIDALIACONF} | cut -d = -f 2)" && TOR_NEW_PW=0
- fi
- fi
- [[ -z "${TOR_PW}" ]] && TOR_PW="$(dd if=/dev/random bs=2048 count=1 2>/dev/null | md5sum | cut -d ' ' -f 1)" && TOR_NEW_PW=1
- TOR_PW_HASH="$(tor --hash-password ${TOR_PW} | tail -n 1)"
- cat >> /etc/tor/torrc <<EOF
-
-HashedControlPassword ${TOR_PW_HASH}
-EOF
- [[ -w "/etc/conf.d/dns-proxy-tor" ]] && cat >> /etc/conf.d/dns-proxy-tor <<EOF
-TOR_PASSWORD="${TOR_PW}"
-EOF
-
- if [[ "${TOR_NEW_PW}" == "1" ]]; then
- [[ -w "${TORKRC}" ]] && cat >> "${TORKRC}" <<EOF
-
-[Usability]
-CookieAuthentication=false
-HashedControlPassword=${TOR_PW}
-User=gentoo
-
-EOF
- [[ -w "${TORKRC}" ]] && chown gentoo:users "${TORKRC}" && chmod 0600 "${TORKRC}"
- [[ -x "/usr/bin/vidalia" ]] && mkdir -p "$(dirname ${VIDALIACONF})" && cat >> "${VIDALIACONF}" <<EOF
-
-[Tor]
-ControlPassword=${TOR_PW}
-UseRandomPassword=false
-EOF
- [[ -w "${VIDALIACONF}" ]] && chown gentoo:users "${VIDALIACONF}" && chmod 0600 "${VIDALIACONF}"
- fi
- eend 0
-
# The previous line could return a false value which is OK, but should not fail the service
true
Modified: incognito/trunk/root_overlay/etc/tor/torrc
===================================================================
--- incognito/trunk/root_overlay/etc/tor/torrc 2007-09-24 17:01:19 UTC (rev 11610)
+++ incognito/trunk/root_overlay/etc/tor/torrc 2007-09-24 18:10:28 UTC (rev 11611)
@@ -25,3 +25,7 @@
AvoidDiskWrites 1
+CookieAuthentication 1
+CookieAuthFile /var/tor/control_auth_cookie
+CookieAuthFileGroupReadable 1
+
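Review bot: `CookieAuthFile` and `CookieAuthFileGroupReadable` come from tor-cookieperm.patch in this commit rather than from the stock 0.1.2.17 sources, and nothing in the torrc says so; an unpatched tor binary would presumably reject them as unknown options. Add a comment above the three lines, for example `# CookieAuthFile* need tor-cookieperm.patch; the cookie is group-readable so local controllers in group tor can authenticate`. The same comment is the place to record that access to the control port is now governed by membership of that group and the permissions on /var/tor.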