[gentoo-commits] repo/gentoo:master commit in: net-vpn/tor/, net-vpn/tor/files/
commit: ac63593feec203a38fccf1189ba0fe3e304f4f8b Author: John Helmert III gentoo org> AuthorDate: Mon Dec 25 19:47:55 2023 + Commit: John Helmert III gentoo org> CommitDate: Mon Dec 25 19:55:26 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac63593f net-vpn/tor: add 0.4.7.16-r1 for arm64 test patch Closes: https://bugs.gentoo.org/920063 Signed-off-by: John Helmert III gentoo.org> net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch | 337 + net-vpn/tor/tor-0.4.7.16-r1.ebuild | 168 ++ 2 files changed, 505 insertions(+)
diff --git a/net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch b/net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch
new file mode 100644
index ..2b473bf981b6
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch
@@ -0,0 +1,337 @@
+From https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/574
+Gentoo Bug: https://bugs.gentoo.org/920063
+From: Pierre Bourdon
+Date: Sat, 30 Apr 2022 11:52:59 +0200
+Subject: [PATCH 1/4] sandbox: fix openat filtering on AArch64
+
+New glibc versions not sign-extending 32 bit negative constants seems to
+not be a thing on AArch64. I suspect that this might not be the only
+architecture where the sign-extensions is happening, and the correct fix
+might be instead to use a proper 32 bit comparison for the first openat
+parameter. For now, band-aid fix this so the sandbox can work again on
+AArch64.
+--- a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
+@@ -518,7 +518,12 @@ libc_uses_openat_for_opendir(void)
+ static int
+ libc_negative_constant_needs_cast(void)
+ {
++#if defined(__aarch64__) && defined(__LP64__)
++ /* Existing glibc versions always sign-extend to 64 bits on AArch64. */
++ return 0;
++#else
+ return is_libc_at_least(2, 27);
++#endif
+ }
+
+ /** Allow a single file to be opened. If use_openat is true,
+--
+GitLab
+
+
+From 8fd13f7a7bfd4efc02d888ce9d10bcb6a80a03c8 Mon Sep 17 00:00:00 2001
+From: Pierre Bourdon
+Date: Sat, 30 Apr 2022 13:02:16 +0200
+Subject: [PATCH 2/4] sandbox: filter {chown,chmod,rename} via their *at
+ variant on Aarch64
+
+The chown/chmod/rename syscalls have never existed on AArch64, and libc
+implements the POSIX functions via the fchownat/fchmodat/renameat
+syscalls instead.
+
+Add new filter functions for fchownat/fchmodat/renameat, not made
+architecture specific since the syscalls exists everywhere else too.
+However, in order to limit seccomp filter space usage, we only insert
+rules for one of {chown, chown32, fchownat} depending on the
+architecture (resp. {chmod, fchmodat}, {rename, renameat}).
+--- a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
+@@ -614,6 +614,32 @@ sb_chmod(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+ return 0;
+ }
+
++static int
++sb_fchmodat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
++{
++ int rc;
++ sandbox_cfg_t *elem = NULL;
++
++ // for each dynamic parameter filters
++ for (elem = filter; elem != NULL; elem = elem->next) {
++smp_param_t *param = elem->param;
++
++if (param != NULL && param->prot == 1 && param->syscall
++== SCMP_SYS(fchmodat)) {
++ rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchmodat),
++ SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
++ SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value));
++ if (rc != 0) {
++log_err(LD_BUG,"(Sandbox) failed to add fchmodat syscall, received "
++"libseccomp error %d", rc);
++return rc;
++ }
++}
++ }
++
++ return 0;
++}
++
+ #ifdef __i386__
+ static int
+ sb_chown32(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+@@ -666,6 +692,32 @@ sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+ }
+ #endif /* defined(__i386__) */
+
++static int
++sb_fchownat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
++{
++ int rc;
++ sandbox_cfg_t *elem = NULL;
++
++ // for each dynamic parameter filters
++ for (elem = filter; elem != NULL; elem = elem->next) {
++smp_param_t *param = elem->param;
++
++if (param != NULL && param->prot == 1 && param->syscall
++== SCMP_SYS(fchownat)) {
++ rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchownat),
++ SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
++ SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value));
++ if (rc != 0) {
++log_err(LD_BUG,"(Sandbox) failed to add fchownat syscall, received "
++"libseccomp error %d", rc);
++return rc;
++ }
++}
++ }
++
++ return 0;
++}
++
+ /**
+ * Function responsible for setting up the rename syscall for
+ * the seccomp filter sandbox.
+@@ -697,6 +749,39 @@ sb_rename(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+ return 0;
+ }
+
++/**
++ * Function responsible for setting up the renameat syscall for
++ * the seccomp filter sandbox.
++ */
++static int
++sb_renameat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
++{
++ int rc;
++ sandbox_cfg_t *elem = NULL;
++
++
[gentoo-commits] repo/gentoo:master commit in: net-vpn/tor/, net-vpn/tor/files/
commit: 3a9140bd748838d248b145584bdde02fee63a656 Author: Sam James gentoo org> AuthorDate: Fri Dec 16 04:59:40 2022 + Commit: Sam James gentoo org> CommitDate: Fri Dec 16 04:59:40 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a9140bd net-vpn/tor: drop 0.4.7.10-r1 Signed-off-by: Sam James gentoo.org> net-vpn/tor/Manifest | 3 - .../tor-0.4.7.10-strict-prototypes-clang16.patch | 75 net-vpn/tor/tor-0.4.7.10-r1.ebuild | 127 - 3 files changed, 205 deletions(-)
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
index 657df6be0175..655ae9d6c656 100644
--- a/net-vpn/tor/Manifest
+++ b/net-vpn/tor/Manifest
@@ -1,6 +1,3 @@
-DIST tor-0.4.7.10.tar.gz 7933376 BLAKE2B 46a9d932e7451bcc683e18d296d7a26bb4b544767cf4622910ebf90d82715718451ec3e0d6cd215eff5fe2cc3ae8441b8e6065c5877d7fc92c2f26ab5c7fa0cb SHA512 e82877807d9e73fe12ab424830641e52b9b45034ca06f07e37648f50a3c1c10cd1b07081d8646b8e92c58658bdff5f6e9670e5104e9d05a531b1d85d0851a606
-DIST tor-0.4.7.10.tar.gz.sha256sum 86 BLAKE2B 4b372b3508ffee497ecc9adab4a4d3d2b548100bb7dd54e1036c71004503d96148899096bbae807f2d626a5e26d0a947f7546df0a708a78b59b4d39bed3e849c SHA512 518b6e617702386df7a84155d528f1a904a45221c946402da3fc3d40170dcdac117bff38c92a2e58ef4dd8d422433950f3904d27da66a99d808204432732cc9b
-DIST tor-0.4.7.10.tar.gz.sha256sum.asc 1321 BLAKE2B fc7fd43115992e5d434cc1bf2808eeb971ead532935be7493b4eef7804a65cad3cf4f9fd18158a0c8f3e19bb9e55c5fe7487ded9adb6782cbc1583e1159aaf7c SHA512 789923b465e72a1a77b1b1951cd0f66c266c10119a480ce8b622f1f4aa07381b7403c27aca3badf51381da0b41498c9b0d42b2c5cedd6c54a617df9dc138689e
 DIST tor-0.4.7.11.tar.gz 7983705 BLAKE2B 2d743e7d0aea63e76f6e24aa235792af8691fde419f56bbdf8c6ee865250a09ec06454ec84abac8ba47e3d61a363c937fc050376172d3ec6b0815998d1c8679e SHA512 318377916880310438aa9804d1ea0154c5416d6b13988c4ff7f2e65fd38c94e2cd6c53252fd76a4dcb488f452837468e19197bf5feee4020e3c1927a76ed2937
 DIST tor-0.4.7.11.tar.gz.sha256sum 86 BLAKE2B 1e49ba88ae21af6589a9815603ee375cc0dc85fcd8dd5a5f52cd44659438874ae9d10b09b7f15cadd2c30d2e8012a27be4233dcb19195d4627f19a59ccf68d0b SHA512 cfdae54a70dc0d8eb0eaf8b8c9902a7dd8bc8d597a678d5a0bf431c3e09a8b56206b70b6f9207e3c06e1ba11913b25b81d7c269e49cde5f297ff7b165a3348a9
 DIST tor-0.4.7.11.tar.gz.sha256sum.asc 716 BLAKE2B 2336ff3869b3a759626cd68c0c931dbdb6cf5b13e7a99e2dcc1c784e3832ba2f0314c1c2f3a9e5ccaba3f20d7aab9b9c918373194290769e358cbb5411323012 SHA512 b5e3c82378bc18268d6d4523787e12ece39246cc0f035fd1aedc50c2182d1ba3d2a8f8817a3dada2cd60acabb78f604f06ab347b92c6f42a82f260cc49285c2c
diff --git a/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch b/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch
deleted file mode 100644
index 9317b6b215b7..
--- a/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch
+++ /dev/null
@@ -1,75 +0,0 @@ -https://gitlab.torproject.org/tpo/core/tor/-/commit/ee38514cc4372bfb7d01ee96a1110d600a30e061 - -From ee38514cc4372bfb7d01ee96a1110d600a30e061 Mon Sep 17 00:00:00 2001 -From: Sam James -Date: Tue, 8 Nov 2022 06:42:59 + -Subject: [PATCH] build: fix -Wstrict-prototypes (Clang 16) - -Clang 16 warns on -Wstrict-prototypes in preparation for C23 which can -among other things, lead to some configure tests silently failing/returning the wrong result. - -Fixes this error: -``` --ignoreme: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes] -+ignoreme: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes] - main () -``` - -For more information, see LWN.net [0] or LLVM's Discourse [1], gentoo-dev@ [2], -or the (new) c-std-porting mailing list [3]. - -[0] https://lwn.net/Articles/913505/ -[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213 -[2] https://archives.gentoo.org/gentoo-dev/message/dd9f2d3082b8b6f8dfbccb0639e6e240 -[3] hosted at lists.linux.dev. - -Bug: https://bugs.gentoo.org/879747 -Signed-off-by: Sam James a/configure.ac -+++ b/configure.ac -@@ -1982,7 +1982,7 @@ AC_CACHE_CHECK([whether memset(0) sets pointers to NULL], tor_cv_null_is_zero, - #ifdef HAVE_STDDEF_H - #include - #endif --int main () { char *p1,*p2; p1=NULL; memset(,0,sizeof(p2)); -+int main (void) { char *p1,*p2; p1=NULL; memset(,0,sizeof(p2)); - return memcmp(,,sizeof(char*))?1:0; }]])], -[tor_cv_null_is_zero=yes], -[tor_cv_null_is_zero=no], -@@ -2006,7 +2006,7 @@ AC_CACHE_CHECK([whether memset(0) sets doubles to 0.0], tor_cv_dbl0_is_zero, - #ifdef HAVE_STDDEF_H - #include - #endif --int main () { double d1,d2; d1=0; memset(,0,sizeof(d2)); -+int main (void) { double d1,d2; d1=0; memset(,0,sizeof(d2)); - return memcmp(,,sizeof(d1))?1:0; }]])], -[tor_cv_dbl0_is_zero=yes], -[tor_cv_dbl0_is_zero=no], -@@
[gentoo-commits] repo/gentoo:master commit in: net-vpn/tor/, net-vpn/tor/files/
commit: 1b7eeddf3e05517493bcef669af7abb18877cb4c Author: Anthony G. Basile gentoo org> AuthorDate: Mon Nov 9 17:47:40 2020 + Commit: Anthony G. Basile gentoo org> CommitDate: Mon Nov 9 17:47:59 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b7eeddf net-vpn/tor: add new alpha, version 0.4.5.1_alpha Package-Manager: Portage-3.0.8, Repoman-3.0.2 Signed-off-by: Anthony G. Basile gentoo.org> net-vpn/tor/Manifest | 1 + net-vpn/tor/files/tor.service| 38 +++ net-vpn/tor/tor-0.4.5.1_alpha.ebuild | 92 3 files changed, 131 insertions(+)
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
index 0fe711a7de4..d897b8ed930 100644
--- a/net-vpn/tor/Manifest
+++ b/net-vpn/tor/Manifest
@@ -1,2 +1,3 @@
 DIST tor-0.4.3.6.tar.gz 7745954 BLAKE2B 3b04b2c79281483ef72421f8f5bfbc4f48358b6d38c151470eea7ea9bd2666e7098fe3fb0887d551f796443718791a3a464b007669c96e6bbcce7d7fc4c25d3a SHA512 f4ab0788d27b3eab40853dde31eaf087ac84616fc3488973e7d01f4dbd3e71ba6ce3a3afcf0c6272223897d0a9c1556aa26dbc4d9b98cc5b43dd729d20a2fcca
 DIST tor-0.4.4.5.tar.gz 7808696 BLAKE2B b1c7342d5f1998b372529a8da1719a4f31c4e2516f9b666755b0edf29c7d66fa84a730fceed11e5c0bd1346f6fe06d7c96dd6a2161b0b2c3824468cd2f88f077 SHA512 8b7bedf998c66b33cb7b248ef33eb551dd75cca7eabf2133f716948d5bc83408d0be2ec1968e1c860b1067746b5645ea6e8f23478458b5eb2f5573ea7ecaecb7
+DIST tor-0.4.5.1-alpha.tar.gz 7901876 BLAKE2B 328e6ee53125a2b3242436e57cb8df7ad6a2b79a31357ce08de6d035b70ff31c64d3574fc6cae59ef3a321c6cfd06bf996df222c531eeff73f46c1bd30636664 SHA512 f68dfae2a682d8648197fc97c516da13fce359902dc6da934605b402d1f5154e1322f4a4e63ad73629a170cc600396eb8dea89b4223c1ffae236291d0de87ea7
diff --git a/net-vpn/tor/files/tor.service b/net-vpn/tor/files/tor.service
new file mode 100644
index 000..16638240c54
--- /dev/null
+++ b/net-vpn/tor/files/tor.service
@@ -0,0 +1,38 @@
+# tor.service -- this systemd configuration file for Tor sets up a
+# relatively conservative, hardened Tor service. You may need to
+# edit it if you are making changes to your Tor configuration that it
+# does not allow. Package maintainers: this should be a starting point
+# for your tor.service; it is not the last point.
+
+[Unit]
+Description=Anonymizing overlay network for TCP
+After=syslog.target network.target nss-lookup.target
+
+[Service]
+Type=notify
+NotifyAccess=all
+ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
+ExecStart=/usr/bin/tor -f /etc/tor/torrc
+ExecReload=/bin/kill -HUP ${MAINPID}
+KillSignal=SIGINT
+TimeoutSec=60
+Restart=on-failure
+WatchdogSec=1m
+LimitNOFILE=32768
+
+# Hardening
+Group=tor
+RuntimeDirectory=tor
+RuntimeDirectoryMode=0770
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/tor
+ReadWriteDirectories=-/var/log/tor
+NoNewPrivileges=yes
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-vpn/tor/tor-0.4.5.1_alpha.ebuild b/net-vpn/tor/tor-0.4.5.1_alpha.ebuild
new file mode 100644
index 000..689cf47c9f8
--- /dev/null
+++ b/net-vpn/tor/tor-0.4.5.1_alpha.ebuild
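Review bot: The new tor.service sets `Group=tor` but no `User=`, so `ExecStartPre` and `ExecStart` start as root and the drop to an unprivileged account depends entirely on a `User` line in /etc/tor/torrc, which this diff does not show; `CAP_SETUID CAP_SETGID` in `CapabilityBoundingSet` are presumably kept for exactly that drop. If torrc ever lacks that line, the daemon keeps running as root inside the sandbox. I would document the dependency in the hardening block, e.g. `# No User= here: tor starts as root and drops to the torrc "User"; keep that option set.` The same `Group=tor` without `User=` pattern is added by the tor.service.in patch in the 0.3.3.2_alpha-r1 commit further down the page. `ReadOnlyDirectories=`/`ReadWriteDirectories=` are the legacy spellings of `ReadOnlyPaths=`/`ReadWritePaths=` and could be updated when the file is next touched.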
@@ -0,0 +1,92 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic readme.gentoo-r1 systemd
+
+MY_PV="$(ver_rs 4 -)"
+MY_PF="${PN}-${MY_PV}"
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="http://www.torproject.org/;
+SRC_URI="https://www.torproject.org/dist/${MY_PF}.tar.gz
+ https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz;
+S="${WORKDIR}/${MY_PF}"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~x86 ~ppc-macos"
+IUSE="caps doc libressl lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
+
+DEPEND="
+ dev-libs/libevent:=[ssl]
+ sys-libs/zlib
+ caps? ( sys-libs/libcap )
+ man? ( app-text/asciidoc )
+ !libressl? ( dev-libs/openssl:0=[-bindist] )
+ libressl? ( dev-libs/libressl:0= )
+ lzma? ( app-arch/xz-utils )
+ scrypt? ( app-crypt/libscrypt )
+ seccomp? ( >=sys-libs/libseccomp-2.4.1 )
+ systemd? ( sys-apps/systemd )
+ zstd? ( app-arch/zstd )"
+RDEPEND="
+ acct-user/tor
+ acct-group/tor
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-tor )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+)
+
+DOCS=()
+
+RESTRICT="!test? ( test )"
+
+src_configure() {
+ use doc && DOCS+=( README ChangeLog ReleaseNotes doc/HACKING )
+ export ac_cv_lib_cap_cap_init=$(usex caps)
+ econf \
+ --localstatedir="${EPREFIX}/var" \
+ --disable-all-bugs-are-fatal \
+ --enable-system-torrc \
+ --disable-android \
+ --disable-html-manual \
+ --disable-libfuzzer \
[gentoo-commits] repo/gentoo:master commit in: net-vpn/tor/, net-vpn/tor/files/
commit: c0fe6a0d4e379ce403f88e54f23d77695fe2cf05 Author: William Breathitt Gray gmail com> AuthorDate: Sun Feb 25 00:26:52 2018 + Commit: Anthony G. Basile gentoo org> CommitDate: Sun Feb 25 00:57:29 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0fe6a0d net-vpn/tor: Fix tor.service failure when /var/run is tmpfs Closes: https://bugs.gentoo.org/640040 .../files/tor-0.3.3.2-alpha-tor.service.in.patch | 12 +++ net-vpn/tor/tor-0.3.3.2_alpha-r1.ebuild| 85 ++ 2 files changed, 97 insertions(+)
diff --git a/net-vpn/tor/files/tor-0.3.3.2-alpha-tor.service.in.patch b/net-vpn/tor/files/tor-0.3.3.2-alpha-tor.service.in.patch
new file mode 100644
index 000..76e88bbaba9
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.3.3.2-alpha-tor.service.in.patch
@@ -0,0 +1,12 @@
+--- a/contrib/dist/tor.service.in 2017-11-11 13:40:46.0 -0500 b/contrib/dist/tor.service.in 2018-02-24 19:06:12.307506884 -0500
+@@ -21,6 +21,9 @@
+ LimitNOFILE=32768
+
+ # Hardening
++Group=tor
++RuntimeDirectory=tor
++RuntimeDirectoryMode=0770
+ PrivateTmp=yes
+ PrivateDevices=yes
+ ProtectHome=yes
diff --git a/net-vpn/tor/tor-0.3.3.2_alpha-r1.ebuild b/net-vpn/tor/tor-0.3.3.2_alpha-r1.ebuild
new file mode 100644
index 000..65525074136
--- /dev/null
+++ b/net-vpn/tor/tor-0.3.3.2_alpha-r1.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit flag-o-matic readme.gentoo-r1 systemd versionator user
+
+MY_PV="$(replace_version_separator 4 -)"
+MY_PF="${PN}-${MY_PV}"
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="http://www.torproject.org/;
+SRC_URI="https://www.torproject.org/dist/${MY_PF}.tar.gz
+ https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz;
+S="${WORKDIR}/${MY_PF}"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+# We need to keyword app-arch/zstd
+#KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86 ~ppc-macos"
+KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86 ~ppc-macos"
+IUSE="libressl lzma scrypt seccomp selinux systemd tor-hardening test web zstd"
+
+DEPEND="
+ app-text/asciidoc
+ dev-libs/libevent[ssl]
+ sys-libs/zlib
+ !libressl? ( dev-libs/openssl:0=[-bindist] )
+ libressl? ( dev-libs/libressl:0= )
+ lzma? ( app-arch/xz-utils )
+ scrypt? ( app-crypt/libscrypt )
+ seccomp? ( sys-libs/libseccomp )
+ systemd? ( sys-apps/systemd )
+ zstd? ( app-arch/zstd )"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-tor )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+ "${FILESDIR}"/${PN}-0.3.3.2-alpha-tor.service.in.patch
+)
+
+DOCS=( README ChangeLog ReleaseNotes doc/HACKING )
+
+pkg_setup() {
+ enewgroup tor
+ enewuser tor -1 -1 /var/lib/tor tor
+}
+
+src_configure() {
+ econf \
+ --localstatedir="${EPREFIX}/var" \
+ --enable-system-torrc \
+ --enable-asciidoc \
+ --disable-android \
+ --disable-libfuzzer \
+ --disable-rust \
+ --disable-restart-debugging \
+ $(use_enable lzma) \
+ $(use_enable scrypt libscrypt) \
+ $(use_enable seccomp) \
+ $(use_enable systemd) \
+ $(use_enable tor-hardening gcc-hardening) \
+ $(use_enable tor-hardening linker-hardening) \
+ $(use_enable web tor2web-mode) \
+ $(use_enable test unittests) \
+ $(use_enable test coverage) \
+ $(use_enable zstd)
+}
+
+src_install() {
+ default
+ readme.gentoo_create_doc
+
+ newconfd "${FILESDIR}"/tor.confd tor
+ newinitd "${FILESDIR}"/tor.initd-r8 tor
+ systemd_dounit contrib/dist/tor.service
+
+ keepdir /var/lib/tor
+
+ fperms 750 /var/lib/tor
+ fowners tor:tor /var/lib/tor
+
+ insinto /etc/tor/
+ newins "${FILESDIR}"/torrc-r1 torrc
+}
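Review bot: `$(use_enable web tor2web-mode)` in src_configure puts a significant behaviour change behind a USE flag whose name (`web`) says nothing about it; as far as I know, upstream's tor2web mode makes the client's connections to onion services non-anonymous, which is not what most users of this package expect. Unless metadata.xml (not part of this diff) already spells that out, I would add a comment above the econf call, `# USE=web enables tor2web mode: client connections to onion services are NOT anonymous`, and consider an `ewarn` in a post-install phase when the flag is set. Separately, `HOMEPAGE` still uses plain `http://` while `SRC_URI` is already https.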