[gentoo-commits] repo/gentoo:master commit in: net-vpn/tor/, net-vpn/tor/files/

2023-12-25 Thread John Helmert III
commit: ac63593feec203a38fccf1189ba0fe3e304f4f8b
Author: John Helmert III  gentoo  org>
AuthorDate: Mon Dec 25 19:47:55 2023 +
Commit: John Helmert III  gentoo  org>
CommitDate: Mon Dec 25 19:55:26 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac63593f

net-vpn/tor: add 0.4.7.16-r1 for arm64 test patch

Closes: https://bugs.gentoo.org/920063
Signed-off-by: John Helmert III  gentoo.org>

 net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch | 337 +
 net-vpn/tor/tor-0.4.7.16-r1.ebuild | 168 ++
 2 files changed, 505 insertions(+)

diff --git a/net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch b/net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch
new file mode 100644
index ..2b473bf981b6
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch
@@ -0,0 +1,337 @@
+From https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/574
+Gentoo Bug: https://bugs.gentoo.org/920063
+From: Pierre Bourdon 
+Date: Sat, 30 Apr 2022 11:52:59 +0200
+Subject: [PATCH 1/4] sandbox: fix openat filtering on AArch64
+
+New glibc versions not sign-extending 32 bit negative constants seems to
+not be a thing on AArch64. I suspect that this might not be the only
+architecture where the sign-extensions is happening, and the correct fix
+might be instead to use a proper 32 bit comparison for the first openat
+parameter. For now, band-aid fix this so the sandbox can work again on
+AArch64.
+--- a/src/lib/sandbox/sandbox.c
 b/src/lib/sandbox/sandbox.c
+@@ -518,7 +518,12 @@ libc_uses_openat_for_opendir(void)
+ static int
+ libc_negative_constant_needs_cast(void)
+ {
++#if defined(__aarch64__) && defined(__LP64__)
++  /* Existing glibc versions always sign-extend to 64 bits on AArch64. */
++  return 0;
++#else
+   return is_libc_at_least(2, 27);
++#endif
+ }
+ 
+ /** Allow a single file to be opened.  If use_openat is true,
+-- 
+GitLab
+
+
+From 8fd13f7a7bfd4efc02d888ce9d10bcb6a80a03c8 Mon Sep 17 00:00:00 2001
+From: Pierre Bourdon 
+Date: Sat, 30 Apr 2022 13:02:16 +0200
+Subject: [PATCH 2/4] sandbox: filter {chown,chmod,rename} via their *at
+ variant on Aarch64
+
+The chown/chmod/rename syscalls have never existed on AArch64, and libc
+implements the POSIX functions via the fchownat/fchmodat/renameat
+syscalls instead.
+
+Add new filter functions for fchownat/fchmodat/renameat, not made
+architecture specific since the syscalls exists everywhere else too.
+However, in order to limit seccomp filter space usage, we only insert
+rules for one of {chown, chown32, fchownat} depending on the
+architecture (resp. {chmod, fchmodat}, {rename, renameat}).
+--- a/src/lib/sandbox/sandbox.c
 b/src/lib/sandbox/sandbox.c
+@@ -614,6 +614,32 @@ sb_chmod(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+   return 0;
+ }
+ 
++static int
++sb_fchmodat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
++{
++  int rc;
++  sandbox_cfg_t *elem = NULL;
++
++  // for each dynamic parameter filters
++  for (elem = filter; elem != NULL; elem = elem->next) {
++smp_param_t *param = elem->param;
++
++if (param != NULL && param->prot == 1 && param->syscall
++== SCMP_SYS(fchmodat)) {
++  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchmodat),
++  SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
++  SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value));
++  if (rc != 0) {
++log_err(LD_BUG,"(Sandbox) failed to add fchmodat syscall, received "
++"libseccomp error %d", rc);
++return rc;
++  }
++}
++  }
++
++  return 0;
++}
++
+ #ifdef __i386__
+ static int
+ sb_chown32(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+@@ -666,6 +692,32 @@ sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+ }
+ #endif /* defined(__i386__) */
+ 
++static int
++sb_fchownat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
++{
++  int rc;
++  sandbox_cfg_t *elem = NULL;
++
++  // for each dynamic parameter filters
++  for (elem = filter; elem != NULL; elem = elem->next) {
++smp_param_t *param = elem->param;
++
++if (param != NULL && param->prot == 1 && param->syscall
++== SCMP_SYS(fchownat)) {
++  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchownat),
++  SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
++  SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value));
++  if (rc != 0) {
++log_err(LD_BUG,"(Sandbox) failed to add fchownat syscall, received "
++"libseccomp error %d", rc);
++return rc;
++  }
++}
++  }
++
++  return 0;
++}
++
+ /**
+  * Function responsible for setting up the rename syscall for
+  * the seccomp filter sandbox.
+@@ -697,6 +749,39 @@ sb_rename(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+   return 0;
+ }
+ 
++/**
++ * Function responsible for setting up the renameat syscall for
++ * the seccomp filter sandbox.
++ */
++static int
++sb_renameat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
++{
++  int rc;
++  sandbox_cfg_t *elem = NULL;
++
++  

[gentoo-commits] repo/gentoo:master commit in: net-vpn/tor/, net-vpn/tor/files/

2022-12-15 Thread Sam James
commit: 3a9140bd748838d248b145584bdde02fee63a656
Author: Sam James  gentoo  org>
AuthorDate: Fri Dec 16 04:59:40 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Fri Dec 16 04:59:40 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a9140bd

net-vpn/tor: drop 0.4.7.10-r1

Signed-off-by: Sam James  gentoo.org>

 net-vpn/tor/Manifest   |   3 -
 .../tor-0.4.7.10-strict-prototypes-clang16.patch   |  75 
 net-vpn/tor/tor-0.4.7.10-r1.ebuild | 127 -
 3 files changed, 205 deletions(-)

diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
index 657df6be0175..655ae9d6c656 100644
--- a/net-vpn/tor/Manifest
+++ b/net-vpn/tor/Manifest
@@ -1,6 +1,3 @@
-DIST tor-0.4.7.10.tar.gz 7933376 BLAKE2B 
46a9d932e7451bcc683e18d296d7a26bb4b544767cf4622910ebf90d82715718451ec3e0d6cd215eff5fe2cc3ae8441b8e6065c5877d7fc92c2f26ab5c7fa0cb
 SHA512 
e82877807d9e73fe12ab424830641e52b9b45034ca06f07e37648f50a3c1c10cd1b07081d8646b8e92c58658bdff5f6e9670e5104e9d05a531b1d85d0851a606
-DIST tor-0.4.7.10.tar.gz.sha256sum 86 BLAKE2B 
4b372b3508ffee497ecc9adab4a4d3d2b548100bb7dd54e1036c71004503d96148899096bbae807f2d626a5e26d0a947f7546df0a708a78b59b4d39bed3e849c
 SHA512 
518b6e617702386df7a84155d528f1a904a45221c946402da3fc3d40170dcdac117bff38c92a2e58ef4dd8d422433950f3904d27da66a99d808204432732cc9b
-DIST tor-0.4.7.10.tar.gz.sha256sum.asc 1321 BLAKE2B 
fc7fd43115992e5d434cc1bf2808eeb971ead532935be7493b4eef7804a65cad3cf4f9fd18158a0c8f3e19bb9e55c5fe7487ded9adb6782cbc1583e1159aaf7c
 SHA512 
789923b465e72a1a77b1b1951cd0f66c266c10119a480ce8b622f1f4aa07381b7403c27aca3badf51381da0b41498c9b0d42b2c5cedd6c54a617df9dc138689e
 DIST tor-0.4.7.11.tar.gz 7983705 BLAKE2B 
2d743e7d0aea63e76f6e24aa235792af8691fde419f56bbdf8c6ee865250a09ec06454ec84abac8ba47e3d61a363c937fc050376172d3ec6b0815998d1c8679e
 SHA512 
318377916880310438aa9804d1ea0154c5416d6b13988c4ff7f2e65fd38c94e2cd6c53252fd76a4dcb488f452837468e19197bf5feee4020e3c1927a76ed2937
 DIST tor-0.4.7.11.tar.gz.sha256sum 86 BLAKE2B 
1e49ba88ae21af6589a9815603ee375cc0dc85fcd8dd5a5f52cd44659438874ae9d10b09b7f15cadd2c30d2e8012a27be4233dcb19195d4627f19a59ccf68d0b
 SHA512 
cfdae54a70dc0d8eb0eaf8b8c9902a7dd8bc8d597a678d5a0bf431c3e09a8b56206b70b6f9207e3c06e1ba11913b25b81d7c269e49cde5f297ff7b165a3348a9
 DIST tor-0.4.7.11.tar.gz.sha256sum.asc 716 BLAKE2B 
2336ff3869b3a759626cd68c0c931dbdb6cf5b13e7a99e2dcc1c784e3832ba2f0314c1c2f3a9e5ccaba3f20d7aab9b9c918373194290769e358cbb5411323012
 SHA512 
b5e3c82378bc18268d6d4523787e12ece39246cc0f035fd1aedc50c2182d1ba3d2a8f8817a3dada2cd60acabb78f604f06ab347b92c6f42a82f260cc49285c2c

diff --git a/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch b/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch
deleted file mode 100644
index 9317b6b215b7..
--- a/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-https://gitlab.torproject.org/tpo/core/tor/-/commit/ee38514cc4372bfb7d01ee96a1110d600a30e061
-
-From ee38514cc4372bfb7d01ee96a1110d600a30e061 Mon Sep 17 00:00:00 2001
-From: Sam James 
-Date: Tue, 8 Nov 2022 06:42:59 +
-Subject: [PATCH] build: fix -Wstrict-prototypes (Clang 16)
-
-Clang 16 warns on -Wstrict-prototypes in preparation for C23 which can
-among other things, lead to some configure tests silently failing/returning 
the wrong result.
-
-Fixes this error:
-```
--ignoreme: warning: a function declaration without a prototype is deprecated 
in all versions of C [-Wstrict-prototypes]
-+ignoreme: error: a function declaration without a prototype is deprecated in 
all versions of C [-Werror,-Wstrict-prototypes]
- main ()
-```
-
-For more information, see LWN.net [0] or LLVM's Discourse [1], gentoo-dev@ [2],
-or the (new) c-std-porting mailing list [3].
-
-[0] https://lwn.net/Articles/913505/
-[1] 
https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
-[2] 
https://archives.gentoo.org/gentoo-dev/message/dd9f2d3082b8b6f8dfbccb0639e6e240
-[3] hosted at lists.linux.dev.
-
-Bug: https://bugs.gentoo.org/879747
-Signed-off-by: Sam James 
 a/configure.ac
-+++ b/configure.ac
-@@ -1982,7 +1982,7 @@ AC_CACHE_CHECK([whether memset(0) sets pointers to 
NULL], tor_cv_null_is_zero,
- #ifdef HAVE_STDDEF_H
- #include 
- #endif
--int main () { char *p1,*p2; p1=NULL; memset(,0,sizeof(p2));
-+int main (void) { char *p1,*p2; p1=NULL; memset(,0,sizeof(p2));
- return memcmp(,,sizeof(char*))?1:0; }]])],
-[tor_cv_null_is_zero=yes],
-[tor_cv_null_is_zero=no],
-@@ -2006,7 +2006,7 @@ AC_CACHE_CHECK([whether memset(0) sets doubles to 0.0], 
tor_cv_dbl0_is_zero,
- #ifdef HAVE_STDDEF_H
- #include 
- #endif
--int main () { double d1,d2; d1=0; memset(,0,sizeof(d2));
-+int main (void) { double d1,d2; d1=0; memset(,0,sizeof(d2));
- return memcmp(,,sizeof(d1))?1:0; }]])],
-[tor_cv_dbl0_is_zero=yes],
-[tor_cv_dbl0_is_zero=no],
-@@ 

[gentoo-commits] repo/gentoo:master commit in: net-vpn/tor/, net-vpn/tor/files/

2020-11-09 Thread Anthony G. Basile
commit: 1b7eeddf3e05517493bcef669af7abb18877cb4c
Author: Anthony G. Basile  gentoo  org>
AuthorDate: Mon Nov  9 17:47:40 2020 +
Commit: Anthony G. Basile  gentoo  org>
CommitDate: Mon Nov  9 17:47:59 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b7eeddf

net-vpn/tor: add new alpha, version 0.4.5.1_alpha

Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Anthony G. Basile  gentoo.org>

 net-vpn/tor/Manifest |  1 +
 net-vpn/tor/files/tor.service| 38 +++
 net-vpn/tor/tor-0.4.5.1_alpha.ebuild | 92 
 3 files changed, 131 insertions(+)

diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
index 0fe711a7de4..d897b8ed930 100644
--- a/net-vpn/tor/Manifest
+++ b/net-vpn/tor/Manifest
@@ -1,2 +1,3 @@
 DIST tor-0.4.3.6.tar.gz 7745954 BLAKE2B 
3b04b2c79281483ef72421f8f5bfbc4f48358b6d38c151470eea7ea9bd2666e7098fe3fb0887d551f796443718791a3a464b007669c96e6bbcce7d7fc4c25d3a
 SHA512 
f4ab0788d27b3eab40853dde31eaf087ac84616fc3488973e7d01f4dbd3e71ba6ce3a3afcf0c6272223897d0a9c1556aa26dbc4d9b98cc5b43dd729d20a2fcca
 DIST tor-0.4.4.5.tar.gz 7808696 BLAKE2B 
b1c7342d5f1998b372529a8da1719a4f31c4e2516f9b666755b0edf29c7d66fa84a730fceed11e5c0bd1346f6fe06d7c96dd6a2161b0b2c3824468cd2f88f077
 SHA512 
8b7bedf998c66b33cb7b248ef33eb551dd75cca7eabf2133f716948d5bc83408d0be2ec1968e1c860b1067746b5645ea6e8f23478458b5eb2f5573ea7ecaecb7
+DIST tor-0.4.5.1-alpha.tar.gz 7901876 BLAKE2B 
328e6ee53125a2b3242436e57cb8df7ad6a2b79a31357ce08de6d035b70ff31c64d3574fc6cae59ef3a321c6cfd06bf996df222c531eeff73f46c1bd30636664
 SHA512 
f68dfae2a682d8648197fc97c516da13fce359902dc6da934605b402d1f5154e1322f4a4e63ad73629a170cc600396eb8dea89b4223c1ffae236291d0de87ea7

diff --git a/net-vpn/tor/files/tor.service b/net-vpn/tor/files/tor.service
new file mode 100644
index 000..16638240c54
--- /dev/null
+++ b/net-vpn/tor/files/tor.service
@@ -0,0 +1,38 @@
+# tor.service -- this systemd configuration file for Tor sets up a
+# relatively conservative, hardened Tor service.  You may need to
+# edit it if you are making changes to your Tor configuration that it
+# does not allow.  Package maintainers: this should be a starting point
+# for your tor.service; it is not the last point.
+
+[Unit]
+Description=Anonymizing overlay network for TCP
+After=syslog.target network.target nss-lookup.target
+
+[Service]
+Type=notify
+NotifyAccess=all
+ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
+ExecStart=/usr/bin/tor -f /etc/tor/torrc
+ExecReload=/bin/kill -HUP ${MAINPID}
+KillSignal=SIGINT
+TimeoutSec=60
+Restart=on-failure
+WatchdogSec=1m
+LimitNOFILE=32768
+
+# Hardening
+Group=tor
+RuntimeDirectory=tor
+RuntimeDirectoryMode=0770
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/tor
+ReadWriteDirectories=-/var/log/tor
+NoNewPrivileges=yes
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
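Review bot: The [Service] section sets `Group=tor` but no `User=`, so both `ExecStartPre` and `ExecStart` start as root, and the drop to an unprivileged account presumably depends on a `User` line in /etc/tor/torrc that this unit cannot verify. That dependency is worth stating next to `CapabilityBoundingSet`, for example `# No User= on purpose: tor starts as root and must drop privileges via "User tor" in torrc; CAP_SETUID/CAP_SETGID are kept only for that drop.` Without such a torrc line the daemon would keep running as root, limited only by the capability bounding set and the other hardening directives. `NotifyAccess=all` is also wider than a single-process `Type=notify` service usually needs; `NotifyAccess=main` would be the tighter setting if tor sends its readiness and watchdog messages from the main process.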

diff --git a/net-vpn/tor/tor-0.4.5.1_alpha.ebuild b/net-vpn/tor/tor-0.4.5.1_alpha.ebuild
new file mode 100644
index 000..689cf47c9f8
--- /dev/null
+++ b/net-vpn/tor/tor-0.4.5.1_alpha.ebuild
@@ -0,0 +1,92 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic readme.gentoo-r1 systemd
+
+MY_PV="$(ver_rs 4 -)"
+MY_PF="${PN}-${MY_PV}"
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="http://www.torproject.org/;
+SRC_URI="https://www.torproject.org/dist/${MY_PF}.tar.gz
+   https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz;
+S="${WORKDIR}/${MY_PF}"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~x86 ~ppc-macos"
+IUSE="caps doc libressl lzma +man scrypt seccomp selinux +server systemd 
tor-hardening test zstd"
+
+DEPEND="
+   dev-libs/libevent:=[ssl]
+   sys-libs/zlib
+   caps? ( sys-libs/libcap )
+   man? ( app-text/asciidoc )
+   !libressl? ( dev-libs/openssl:0=[-bindist] )
+   libressl? ( dev-libs/libressl:0= )
+   lzma? ( app-arch/xz-utils )
+   scrypt? ( app-crypt/libscrypt )
+   seccomp? ( >=sys-libs/libseccomp-2.4.1 )
+   systemd? ( sys-apps/systemd )
+   zstd? ( app-arch/zstd )"
+RDEPEND="
+   acct-user/tor
+   acct-group/tor
+   ${DEPEND}
+   selinux? ( sec-policy/selinux-tor )"
+
+PATCHES=(
+   "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+)
+
+DOCS=()
+
+RESTRICT="!test? ( test )"
+
+src_configure() {
+   use doc && DOCS+=( README ChangeLog ReleaseNotes doc/HACKING )
+   export ac_cv_lib_cap_cap_init=$(usex caps)
+   econf \
+   --localstatedir="${EPREFIX}/var" \
+   --disable-all-bugs-are-fatal \
+   --enable-system-torrc \
+   --disable-android \
+   --disable-html-manual \
+   --disable-libfuzzer \

[gentoo-commits] repo/gentoo:master commit in: net-vpn/tor/, net-vpn/tor/files/

2018-02-24 Thread Anthony G. Basile
commit: c0fe6a0d4e379ce403f88e54f23d77695fe2cf05
Author: William Breathitt Gray  gmail  com>
AuthorDate: Sun Feb 25 00:26:52 2018 +
Commit: Anthony G. Basile  gentoo  org>
CommitDate: Sun Feb 25 00:57:29 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0fe6a0d

net-vpn/tor: Fix tor.service failure when /var/run is tmpfs

Closes: https://bugs.gentoo.org/640040

 .../files/tor-0.3.3.2-alpha-tor.service.in.patch   | 12 +++
 net-vpn/tor/tor-0.3.3.2_alpha-r1.ebuild| 85 ++
 2 files changed, 97 insertions(+)

diff --git a/net-vpn/tor/files/tor-0.3.3.2-alpha-tor.service.in.patch b/net-vpn/tor/files/tor-0.3.3.2-alpha-tor.service.in.patch
new file mode 100644
index 000..76e88bbaba9
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.3.3.2-alpha-tor.service.in.patch
@@ -0,0 +1,12 @@
+--- a/contrib/dist/tor.service.in  2017-11-11 13:40:46.0 -0500
 b/contrib/dist/tor.service.in  2018-02-24 19:06:12.307506884 -0500
+@@ -21,6 +21,9 @@
+ LimitNOFILE=32768
+ 
+ # Hardening
++Group=tor
++RuntimeDirectory=tor
++RuntimeDirectoryMode=0770
+ PrivateTmp=yes
+ PrivateDevices=yes
+ ProtectHome=yes
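Review bot: The patch file carries no header explaining why the three directives are added; a first line such as `Gentoo Bug: https://bugs.gentoo.org/640040` plus one sentence on the tmpfs /var/run failure would let a later maintainer judge when the patch can be dropped. `RuntimeDirectoryMode=0770` combined with `Group=tor` and no visible `User=` means the runtime directory is presumably created root-owned and reachable by tor only through group membership, so every other member of group `tor` gets write access to it as well. If that directory ends up holding a control socket or auth cookie, a comment such as `# 0770: tor writes here via group tor after dropping root; keep that group's membership minimal` would record the trade-off. The hunk shows only part of the [Service] section, so whether `User=` is set elsewhere in the unit cannot be seen here.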

diff --git a/net-vpn/tor/tor-0.3.3.2_alpha-r1.ebuild b/net-vpn/tor/tor-0.3.3.2_alpha-r1.ebuild
new file mode 100644
index 000..65525074136
--- /dev/null
+++ b/net-vpn/tor/tor-0.3.3.2_alpha-r1.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit flag-o-matic readme.gentoo-r1 systemd versionator user
+
+MY_PV="$(replace_version_separator 4 -)"
+MY_PF="${PN}-${MY_PV}"
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="http://www.torproject.org/;
+SRC_URI="https://www.torproject.org/dist/${MY_PF}.tar.gz
+   https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz;
+S="${WORKDIR}/${MY_PF}"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+# We need to keyword app-arch/zstd
+#KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86 ~ppc-macos"
+KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86 ~ppc-macos"
+IUSE="libressl lzma scrypt seccomp selinux systemd tor-hardening test web zstd"
+
+DEPEND="
+   app-text/asciidoc
+   dev-libs/libevent[ssl]
+   sys-libs/zlib
+   !libressl? ( dev-libs/openssl:0=[-bindist] )
+   libressl? ( dev-libs/libressl:0= )
+   lzma? ( app-arch/xz-utils )
+   scrypt? ( app-crypt/libscrypt )
+   seccomp? ( sys-libs/libseccomp )
+   systemd? ( sys-apps/systemd )
+   zstd? ( app-arch/zstd )"
+RDEPEND="${DEPEND}
+   selinux? ( sec-policy/selinux-tor )"
+
+PATCHES=(
+   "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+   "${FILESDIR}"/${PN}-0.3.3.2-alpha-tor.service.in.patch
+)
+
+DOCS=( README ChangeLog ReleaseNotes doc/HACKING )
+
+pkg_setup() {
+   enewgroup tor
+   enewuser tor -1 -1 /var/lib/tor tor
+}
+
+src_configure() {
+   econf \
+   --localstatedir="${EPREFIX}/var" \
+   --enable-system-torrc \
+   --enable-asciidoc \
+   --disable-android \
+   --disable-libfuzzer \
+   --disable-rust \
+   --disable-restart-debugging \
+   $(use_enable lzma) \
+   $(use_enable scrypt libscrypt) \
+   $(use_enable seccomp) \
+   $(use_enable systemd) \
+   $(use_enable tor-hardening gcc-hardening) \
+   $(use_enable tor-hardening linker-hardening) \
+   $(use_enable web tor2web-mode) \
+   $(use_enable test unittests) \
+   $(use_enable test coverage) \
+   $(use_enable zstd)
+}
+
+src_install() {
+   default
+   readme.gentoo_create_doc
+
+   newconfd "${FILESDIR}"/tor.confd tor
+   newinitd "${FILESDIR}"/tor.initd-r8 tor
+   systemd_dounit contrib/dist/tor.service
+
+   keepdir /var/lib/tor
+
+   fperms 750 /var/lib/tor
+   fowners tor:tor /var/lib/tor
+
+   insinto /etc/tor/
+   newins "${FILESDIR}"/torrc-r1 torrc
+}
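Review bot: `$(use_enable web tor2web-mode)` in src_configure ties tor's tor2web build option to a USE flag whose name gives no hint of its effect: tor2web mode makes tor connect to onion services non-anonymously and is intended only for tor2web proxy hosts. A comment above that line, e.g. `# USE=web builds tor with tor2web support: onion-service connections are then non-anonymous; only for tor2web proxy hosts`, would make the risk visible in the ebuild. Whether the flag is described in metadata.xml cannot be seen from this diff. Separately, `HOMEPAGE` uses an http:// URL while both `SRC_URI` entries use https://, so switching it to https would be consistent.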