net-vpn/tor: add 0.4.8.21

Bug: https://bugs.gentoo.org/965987 Signed-off-by: Sam James <sam@gentoo.org>
2026-01-06 00:05:54 +03:00 · 2025-11-18 19:27:08 +00:00
parent ffdda0d57c
commit 260d50b793
3 changed files with 206 additions and 0 deletions
--- a/net-vpn/tor/Manifest
+++ b/net-vpn/tor/Manifest
@@ -13,3 +13,6 @@ DIST tor-0.4.8.19.tar.gz.sha256sum.asc 716 BLAKE2B 090e8b16311712a6a79a87a18fdbd
 DIST tor-0.4.8.20.tar.gz 10662081 BLAKE2B c7618f61ee909b731ca92bc6bda67078396844b08b106754d6cc919073c979294dd24d4a2a64a42237a2d937c7d0e279cf2be2bd3b1d1dc2034dfb35657ff0d2 SHA512 297d7ad8666f3cdac6a522ac31dd514406b28d85fdcfb991358fed3e3486a7237725c19005ef9b7c443fbb84381f159999a568e414f4078a33f63046ce960585
 DIST tor-0.4.8.20.tar.gz.sha256sum 86 BLAKE2B 19208b6bc86161eeabf3960cacb5739c8e1eca088fae3b4b91aa3d9029b3c477d33849fb1327ef80f6fe15232e3f34ad8306c61173597fbe3259d3b72e694d75 SHA512 90d2c7bceec68f65e1f5ac5d5fad7a20b896409e4060efc790b2074f6af830897699ce99ff5d97280b6dc03aca4b43074cdc3d4cf11ba35725f0ae87d5c009fa
 DIST tor-0.4.8.20.tar.gz.sha256sum.asc 716 BLAKE2B f2bf5491cc8be6c098dbf9cc8b8de50b76f426fac23660a238150796689b89310a928183b968d88110b4454423cfc572456ef54075cb54082f08f76b369b437b SHA512 623e678e14c97248b5f12d249b787510e10f48f8f7433cbd01b6dcaa78ceb7e929d9dfd30cdb70bd3f12aacf88ef6b3828b685e4e22a2dbf29247015b8329a43
+DIST tor-0.4.8.21.tar.gz 10663112 BLAKE2B 1b7d786a7ec5a3e5967d8ce214f8a2aef10f8ba10791bc45d42a322bf4107c0a1962b80368e043ee1b239a8367660fdf810d05f00a010d9e69d024e1042217e8 SHA512 5ba774d1f9b2079bd393323d490edf6e1a6380f5a970f07f87e8cf14522eb994c7137a8c8a7ad551289db0ad9aa3ff0a46d8d55fdcdaea5042d68196cf9399b7
+DIST tor-0.4.8.21.tar.gz.sha256sum 86 BLAKE2B 66b55dd5cb8f344f54a6ecd51d71aeadabe2c8825b236bcfa018ac8dd0ca98beee832a85728c3294ae56df529e3058c7c6292613108869131258713f482ae691 SHA512 1b6330dfa3b58e9ea99bbbd9dd76f042a23e5c5c2656704bf2ca80f5e0214427020e8718856359ceca0b7d52e135d315f3ea1e1fb760eac6a7422d721b90b144
+DIST tor-0.4.8.21.tar.gz.sha256sum.asc 716 BLAKE2B e4ea78b6ed371728fd8d198bb17041a80f84090fd10851d516463b6515ca6a56f7fe3ec0828a29c98e4ca0a242e71a6737d0719aa33bd4292e87dce1b8a3577f SHA512 7c741f85cf2a1c722ce1c24dfd3f2b6271ef10dfb54bd120c49d229b02ac982c88c8c7a833e4b314e35dcb685ce0ede5adea6284ccc13514fd335b85755e61ee
--- a/net-vpn/tor/tor-0.4.8.21.ebuild
+++ b/net-vpn/tor/tor-0.4.8.21.ebuild
@@ -0,0 +1,202 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{11..14} )
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/torproject.org.asc
+inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig
+
+MY_PV="$(ver_rs 4 -)"
+MY_PF="${PN}-${MY_PV}"
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/"
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://gitlab.torproject.org/tpo/core/tor"
+	inherit autotools git-r3
+else
+	SRC_URI="
+		https://www.torproject.org/dist/${MY_PF}.tar.gz
+		https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
+		verify-sig? (
+			https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
+			https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
+		)
+	"
+
+	S="${WORKDIR}/${MY_PF}"
+
+	if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
+		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~ppc-macos"
+	fi
+
+	BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20250713 )"
+fi
+
+# BSD in general, but for PoW, needs --enable-gpl (GPL-3 per --version)
+# We also already had GPL-2 listed here for the init script, but obviously
+# that's different from the actual binary.
+LICENSE="BSD GPL-2 GPL-3"
+SLOT="0"
+IUSE="caps doc hardened lzma +man scrypt seccomp selinux +server systemd test zstd"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	>=dev-libs/libevent-2.1.12-r1:=[ssl]
+	dev-libs/openssl:=[-bindist(-)]
+	virtual/zlib:=
+	caps? ( sys-libs/libcap )
+	man? ( app-text/asciidoc )
+	lzma? ( app-arch/xz-utils )
+	scrypt? ( app-crypt/libscrypt )
+	seccomp? ( >=sys-libs/libseccomp-2.4.1 )
+	systemd? ( sys-apps/systemd:= )
+	zstd? ( app-arch/zstd:= )
+"
+DEPEND="
+	${RDEPEND}
+	test? (
+		${DEPEND}
+		${PYTHON_DEPS}
+	)
+"
+RDEPEND+="
+	acct-user/tor
+	acct-group/tor
+	selinux? ( sec-policy/selinux-tor )
+"
+BDEPEND+="
+	acct-user/tor
+	acct-group/tor
+"
+
+DOCS=()
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	# test correctly fails because -lnacl fails if not available
+	# https://bugs.gentoo.org/900092
+	crypto_scalarmult_curve25519
+)
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+	if [[ ${PV} == 9999 ]] ; then
+		git-r3_src_unpack
+	else
+		if use verify-sig; then
+			cd "${DISTDIR}" || die
+			verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
+			verify-sig_verify_unsigned_checksums \
+				${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
+			cd "${WORKDIR}" || die
+		fi
+
+		default
+	fi
+}
+
+src_prepare() {
+	default
+
+	# Running shellcheck automagically isn't useful for ebuild testing.
+	echo "exit 0" > scripts/maint/checkShellScripts.sh || die
+
+	if [[ ${PV} == 9999 ]] ; then
+		eautoreconf
+	fi
+}
+
+src_configure() {
+	use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
+
+	export ac_cv_lib_cap_cap_init=$(usex caps)
+	export tor_cv_PYTHON="${EPYTHON}"
+	# Already set by default in profiles for our toolchain
+	export tor_cv_cflags__fcf_protection_full=no
+	export tor_cv_cflags__mbranch_protection_standard=no
+
+	local myeconfargs=(
+		--localstatedir="${EPREFIX}/var"
+		--disable-all-bugs-are-fatal
+		--enable-system-torrc
+		--disable-android
+		--disable-coverage
+		--disable-html-manual
+		--disable-libfuzzer
+		--enable-missing-doc-warnings
+		--disable-module-dirauth
+		--enable-pic
+		--disable-restart-debugging
+
+		# Unless someone asks & has a compelling reason, just always
+		# build in GPL mode for pow, given we don't want yet another USE
+		# flag combination to have to test just for the sake of it.
+		# (PoW requires GPL.)
+		--enable-gpl
+		--enable-module-pow
+
+		$(use_enable hardened gcc-hardening)
+		$(use_enable hardened linker-hardening)
+		$(use_enable man asciidoc)
+		$(use_enable man manpage)
+		$(use_enable lzma)
+		$(use_enable scrypt libscrypt)
+		$(use_enable seccomp)
+		$(use_enable server module-relay)
+		$(use_enable systemd)
+		$(use_enable test unittests)
+		$(use_enable zstd)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_test() {
+	local skip_tests=(
+		# Fails in sandbox
+		:sandbox/open_filename
+		:sandbox/openat_filename
+	)
+
+	if use arm ; then
+		skip_tests+=(
+			# bug #920905
+			# https://gitlab.torproject.org/tpo/core/tor/-/issues/40912
+			:sandbox/opendir_dirname
+			:sandbox/openat_filename
+			:sandbox/chmod_filename
+			:sandbox/chown_filename
+			:sandbox/rename_filename
+		)
+	fi
+
+	# The makefile runs these by parallel by chunking them with a script
+	# but that means we lose verbosity and can't skip individual tests easily
+	# either.
+	edo ./src/test/test --verbose "${skip_tests[@]}"
+}
+
+src_install() {
+	default
+	readme.gentoo_create_doc
+
+	newconfd "${FILESDIR}"/tor.confd tor
+	newinitd "${FILESDIR}"/tor.initd-r9 tor
+	systemd_dounit "${FILESDIR}"/tor.service
+
+	keepdir /var/lib/tor
+
+	fperms 750 /var/lib/tor
+	fowners tor:tor /var/lib/tor
+
+	insinto /etc/tor/
+	newins "${FILESDIR}"/torrc-r2 torrc
+}
--- a/net-vpn/tor/tor-9999.ebuild
+++ b/net-vpn/tor/tor-9999.ebuild
@@ -121,6 +121,7 @@ src_configure() {
 	export tor_cv_PYTHON="${EPYTHON}"
 	# Already set by default in profiles for our toolchain
 	export tor_cv_cflags__fcf_protection_full=no
+	export tor_cv_cflags__mbranch_protection_standard=no

 	local myeconfargs=(
 		--localstatedir="${EPREFIX}/var"