summarylogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.SRCINFO10
-rw-r--r--PKGBUILD10
-rw-r--r--tor.service18
-rw-r--r--torrc10
4 files changed, 28 insertions, 20 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 4acad9a8eae0..649b2fc86a62 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,8 +1,6 @@
-# Generated by mksrcinfo v8
-# Sat May 27 00:20:37 UTC 2017
pkgbase = tor-git
pkgdesc = An anonymizing overlay network (development version)
- pkgver = 0.3.1.2.alpha.24949
+ pkgver = 0.3.2.1.alpha.26280
pkgrel = 1
url = http://www.torproject.org
install = tor.install
@@ -11,11 +9,11 @@ pkgbase = tor-git
arch = armv6h
arch = armv7h
license = BSD
- makedepends = asciidoc
depends = openssl>=1.0.2.a
depends = ca-certificates
depends = libevent
depends = libseccomp
+ depends = asciidoc
optdepends = torsocks: for torify support
provides = tor
conflicts = tor
@@ -26,8 +24,8 @@ pkgbase = tor-git
source = tor.tmpfiles
source = tor.sysusers
sha256sums = SKIP
- sha256sums = aedb4bbdf18583a6eb74959a700805093bb515f7fed3fa80a607b06694255d17
- sha256sums = 5acd97eed1e4e175d5d547704a7d125009de6dc51d3c7163b7311e82fd34e9a2
+ sha256sums = 9ff0e143b6c19b4cff74c085e498f8be65f6c40aa18618549ebf5a79e7478382
+ sha256sums = c685edf59802b4ecd90d82a32ae58806c31f75d3e8de0d62cca4e9b16868729d
sha256sums = 37ff22a2e6f3dab412f08b46b86dede063538f6a32039d58a90d1212f188b379
sha256sums = 4a27a177889c044ff4e3e1f6ab8bbb32211466d53d884974240dab67592343b2
diff --git a/PKGBUILD b/PKGBUILD
index 264af12df25a..a0d0e01c7885 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,14 +4,13 @@
pkgname=tor-git
_branch=master
#_branch=maint-0.2.6
-pkgver=0.3.1.2.alpha.24949
+pkgver=0.3.2.1.alpha.26280
pkgrel=1
pkgdesc="An anonymizing overlay network (development version)"
arch=('i686' 'x86_64' 'armv6h' 'armv7h')
url="http://www.torproject.org"
license=('BSD')
-depends=('openssl>=1.0.2.a' 'ca-certificates' 'libevent' 'libseccomp')
-makedepends=('asciidoc')
+depends=('openssl>=1.0.2.a' 'ca-certificates' 'libevent' 'libseccomp' 'asciidoc')
optdepends=('torsocks: for torify support')
conflicts=('tor')
provides=('tor')
@@ -19,12 +18,13 @@ install='tor.install'
backup=('etc/tor/torrc')
source=("git+https://git.torproject.org/tor.git#branch=${_branch}"
+ #"git+https://github.com/torproject/tor.git#branch=${_branch}"
'torrc'
'tor.service' 'tor.tmpfiles' 'tor.sysusers')
sha256sums=('SKIP'
- 'aedb4bbdf18583a6eb74959a700805093bb515f7fed3fa80a607b06694255d17'
- '5acd97eed1e4e175d5d547704a7d125009de6dc51d3c7163b7311e82fd34e9a2'
+ '9ff0e143b6c19b4cff74c085e498f8be65f6c40aa18618549ebf5a79e7478382'
+ 'c685edf59802b4ecd90d82a32ae58806c31f75d3e8de0d62cca4e9b16868729d'
'37ff22a2e6f3dab412f08b46b86dede063538f6a32039d58a90d1212f188b379'
'4a27a177889c044ff4e3e1f6ab8bbb32211466d53d884974240dab67592343b2')
diff --git a/tor.service b/tor.service
index b83b3da56400..cfde74de1d19 100644
--- a/tor.service
+++ b/tor.service
@@ -1,12 +1,24 @@
[Unit]
-Description=Anonymizing overlay network
-After=network.target
+Description=Anonymizing overlay network for TCP
+After=syslog.target network.target nss-lookup.target
[Service]
Type=forking
ExecStart=/usr/bin/tor -f /etc/tor/torrc
+ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGINT
-LimitNOFILE=8196
+LimitNOFILE=32768
+
+# Hardening
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/tor
+ReadWriteDirectories=-/var/log/tor
+NoNewPrivileges=yes
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
diff --git a/torrc b/torrc
index 77fdd40e865d..fbaa0d25d422 100644
--- a/torrc
+++ b/torrc
@@ -1,5 +1,3 @@
-## CONFIGURED FOR ARCHLINUX
-
## Configuration file for a typical Tor user
## Last updated 22 September 2015 for Tor 0.2.7.3-alpha.
## (may or may not work for much older or much newer versions of Tor.)
@@ -14,11 +12,11 @@
## Tor will look for this file in various places based on your platform:
## https://www.torproject.org/docs/faq#torrc
-## Tor opens a socks proxy on port 9050 by default -- even if you don't
-## configure one below. Set "SocksPort 0" if you plan to run Tor only
+## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
+## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
## as a relay, and not make any local application connections yourself.
-SocksPort 127.0.0.1:9050 # Default: Bind to localhost:9050 for local connections.
-#SocksPort 192.168.0.1:9100 # Bind to this address:port too.
+SOCKSPort 127.0.0.1:9050 # Default: Bind to localhost:9050 for local connections.
+#SOCKSPort 192.168.0.1:9100 # Bind to this address:port too.
## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SOCKSPolicy is set, we accept