diff options
-rw-r--r-- | .SRCINFO | 7 | ||||
-rw-r--r-- | PKGBUILD | 8 | ||||
-rw-r--r-- | tor.service | 8 | ||||
-rw-r--r-- | torrc | 4 |
4 files changed, 16 insertions, 11 deletions
@@ -1,6 +1,6 @@ pkgbase = tor-git pkgdesc = An anonymizing overlay network (development version) - pkgver = 0.4.5.0.alpha.r304.g95fc085 + pkgver = 0.4.6.0.alpha.dev.r50.g94fc207 pkgrel = 1 url = https://www.torproject.org arch = i686 @@ -37,15 +37,14 @@ pkgbase = tor-git source = tor.tmpfiles source = tor.sysusers sha256sums = SKIP - sha256sums = e739da6271814ef8dd928a0b5d3338ef4370d0c131e86ec26cea4d7f96572d0b + sha256sums = 70dd879309db4c1b346ea35e0926eda6f2fe37dcb6f827e31506af4ee692b433 sha256sums = 72ed5d90c54d9d5354af0d9fc7eb1412c548cc308868b85a99278abe8ccbf145 sha256sums = 90a588c3c2dc7826172341453f76739e8f48df7b0c858adebd12e97f047bde26 sha256sums = 7fbb63e9411eee2176964449a3d6809d16e1120152c6ff201ecea1d1f97f102b sha256sums = 748b7264b49b12d5252d688b8859820046413938c5fde91578da0d5b95594c2e sha256sums = d447227fcc2756778a1be143b8975d67b25ea15688cde2291185b3c71d0f6e34 - sha256sums = ebd5c845ca5ff9be01747465b41959171bd6a8093317cc382c34a9b8a7198d27 + sha256sums = 488525b2051cf0f216ac14c3ab1bc8531d308cedf92e64d147f7f11b6c58cf41 sha256sums = 06c00318d84ead3f939b267c7ae9e4cc1cd90c534d0b57ddd2595fee9065ee7f sha256sums = 231405d1fbbcc68168248f93edd19ae14b60f66bb4d1c8e46ead1d4cd8e0ae7c pkgname = tor-git - @@ -5,7 +5,7 @@ #_malloc=jemalloc # tcmalloc pkgname=tor-git -pkgver=0.4.5.0.alpha.r304.g95fc085 +pkgver=0.4.6.0.alpha.dev.r50.g94fc207 pkgrel=1 pkgdesc="An anonymizing overlay network (development version)" arch=('i686' 'x86_64' 'armv6h' 'armv7h') @@ -35,20 +35,20 @@ source=("git+https://git.torproject.org/tor.git#branch=${_branch:-master}" 'tor.logrotate' 'tor.service' 'tor.tmpfiles' 'tor.sysusers') sha256sums=('SKIP' - 'e739da6271814ef8dd928a0b5d3338ef4370d0c131e86ec26cea4d7f96572d0b' + '70dd879309db4c1b346ea35e0926eda6f2fe37dcb6f827e31506af4ee692b433' '72ed5d90c54d9d5354af0d9fc7eb1412c548cc308868b85a99278abe8ccbf145' '90a588c3c2dc7826172341453f76739e8f48df7b0c858adebd12e97f047bde26' '7fbb63e9411eee2176964449a3d6809d16e1120152c6ff201ecea1d1f97f102b' '748b7264b49b12d5252d688b8859820046413938c5fde91578da0d5b95594c2e' 'd447227fcc2756778a1be143b8975d67b25ea15688cde2291185b3c71d0f6e34' - 'ebd5c845ca5ff9be01747465b41959171bd6a8093317cc382c34a9b8a7198d27' + '488525b2051cf0f216ac14c3ab1bc8531d308cedf92e64d147f7f11b6c58cf41' '06c00318d84ead3f939b267c7ae9e4cc1cd90c534d0b57ddd2595fee9065ee7f' '231405d1fbbcc68168248f93edd19ae14b60f66bb4d1c8e46ead1d4cd8e0ae7c') pkgver () { cd tor git describe --long --tags --abbrev=7 "origin/${_branch:-master}" \ - |sed -e 's/[tor\|dev].//g;s/\([^-]*-g\)/r\1/;s/-/./g' + |sed -e 's/tor.//g;s/\([^-]*-g\)/r\1/;s/-/./g' } prepare() { diff --git a/tor.service b/tor.service index ee40d39b3fec..9757d503669c 100644 --- a/tor.service +++ b/tor.service @@ -14,6 +14,7 @@ Restart=on-failure RestartSec=1 WatchdogSec=1m LimitNOFILE=32768 +LimitMEMLOCK=infinity # Hardening PrivateTmp=yes @@ -22,10 +23,11 @@ DeviceAllow=/dev/null rw DeviceAllow=/dev/urandom r ProtectHome=yes ProtectSystem=full -ProtectKernelTunables=yes +NoNewPrivileges=true +MemoryDenyWriteExecute=true ReadOnlyDirectories=/ -ReadWriteDirectories=-/var/lib/tor -/var/log/tor -NoNewPrivileges=yes +ReadWriteDirectories=-/var/lib/tor +ReadWriteDirectories=-/var/log/tor CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH [Install] @@ -252,6 +252,10 @@ AvoidDiskWrites 1 ## Try to use built-in (static) crypto hardware acceleration when available. HardwareAccel 1 +## If set to 1, Tor will attempt to lock all current and future memory pages, +## so that memory cannot be paged out. +DisableAllSwap 1 + ## Configuration options can be imported from files or folders using the %include ## option with the value being a path. This path can have wildcards. Wildcards are ## expanded first, using lexical order. Then, for each matching file or folder, the following |