An improved ebuild for net-misc/tor is attached to this bug. It provides support for a static version of tor as well as chroot support similar to net-dns/bind. I tested it only on x86, so I removed the other keywords of net-misc/tor-0.1.0.14-r1.

Reproducible: Always

Steps to Reproduce:
Created attachment 68735 [details] tor-0.1.0.14-r2.ebuild
Created attachment 68736 [details] files/tor.confd
Created attachment 68737 [details] tor.initd
Created attachment 68738 [details] files/torrc.sample-0.1.0.14.patch
Created attachment 68739 [details] files/tor.confd fixed small typo
I suppose tor is depending on openssl and libevent at runtime, too...
There are some problems here:

1- If static is not used the chroot fails probably due to not found libs:

    /etc/init.d/tor start
     * Starting chrooted Tor ...
    /sbin/start-stop-daemon: Unable to start /usr/bin/tor: No such file or directory [ !! ]

And manually:

    ls -al /chroot/tor/usr/bin/tor
    -rwxr-xr-x 1 root root 475312 Sep 18 21:25 /chroot/tor/usr/bin/tor
    chroot /chroot/tor/ /usr/bin/tor
    chroot: cannot run command `/usr/bin/tor': No such file or directory

If the static use flag is on:

    ebuild /var/db/pkg/net-misc/tor-0.1.0.14-r2/tor-0.1.0.14-r2.ebuild config
    !!! aux_get(): ebuild path for 'net-misc/tor-0.1.0.14-r2' not specified:
    !!! None
     *
     * Setting up the chroot directory...
     * Creating devices...
     * Adding tor to /chroot/tor/etc/passwd and group...
     * Copying system files...
    cp: cannot stat `/lib/libgcc_*.*': No such file or directory
     * Copying dependencies...
    cp: cannot stat `dynamic': No such file or directory
     * Copying binaries and config files...
     * Setting permissions...
     * Done.

and then:

    /etc/init.d/tor start
     * Starting chrooted Tor ...
    Sep 18 21:52:07.413 [notice] Tor v0.1.0.14. This is experimental software. Do not rely on it for strong anonymity.
    Sep 18 21:52:07.414 [err] switch_id(): User 'tor' not found.
    Sep 18 21:52:07.415 [err] init_from_config(): Acting on config options left us in a broken state. Dying. [ !! ]

2- The ebuild config only works for fresh installs. If there is an upgrade, the user has to manually remove the chroot and then re-run the config.
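An added example, not part of the attached ebuild or of any comment in this bug: a pre-start check for the failure shown above, where exec of an existing binary inside the chroot returns "No such file or directory" because the ELF interpreter or a shared library it names is absent from the chroot. The function names and the sample `ldd` output (library names and addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a chroot before starting a daemon in it.
# Usage on a real system:  ldd /usr/bin/tor | audit_chroot /chroot/tor tor

# Constructed sample of `ldd` output for a dynamically linked binary.
SAMPLE_LDD='    linux-gate.so.1 =>  (0xffffe000)
    libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0xb7f2a000)
    libevent-1.1a.so.1 => /usr/lib/libevent-1.1a.so.1 (0xb7f1c000)
    libc.so.6 => /lib/libc.so.6 (0xb7e05000)
    /lib/ld-linux.so.2 (0xb7fd0000)'

# Print each absolute path in ldd output: the shared libraries and the
# ELF interpreter (ld-linux). A static binary yields no paths.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# Read ldd output on stdin; print the paths that do not exist under chroot $1.
missing_in_chroot() {
    ldd_paths | while read -r p; do
        [ -e "$1$p" ] || printf '%s\n' "$p"
    done
}

# Succeed if user $2 has an entry in the chroot's own etc/passwd.
chroot_has_user() {
    [ -f "$1/etc/passwd" ] && grep -q "^$2:" "$1/etc/passwd"
}

# Read ldd output on stdin; report problems for chroot $1 and user $2.
# Returns 0 only when every listed file and the passwd entry are present.
audit_chroot() {
    rc=0
    miss=$(missing_in_chroot "$1")
    if [ -n "$miss" ]; then
        printf 'missing under %s:\n%s\n' "$1" "$miss"; rc=1
    fi
    if ! chroot_has_user "$1" "$2"; then
        printf 'no entry for user %s in %s/etc/passwd\n' "$2" "$1"; rc=1
    fi
    return "$rc"
}
```

Running the check from the init script before `start-stop-daemon` turns the opaque exec error into a list of the files that still have to be copied into the chroot.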
@Carsten/comment #6: You're right. At least the dynamically linked binary has runtime dependencies on dev-libs/openssl and dev-libs/libevent. I just got these lines from the old ebuild and assumed they were correct. Should've checked them...

@Gustavo/comment #7: I have tested my ebuild on 3 different systems and it worked. The error message "cp: cannot stat `dynamic': No such file or directory" implies that you have compiled tor with the static USE flag activated, but deactivated it afterwards. Maybe you've emerged tor with `USE=static emerge tor`?

About your 2nd question: Yes, after an upgrade you have to rebuild your chroot. The bind ebuild suffers from the same problem. One could add an upgrade function to the ebuild, but it would be very bloated in the end.
Created attachment 69152 [details] tor-0.1.0.15.ebuild

Version bump and minor changes of ebuild. I've installed tor using this ebuild on 3 different systems with (I at least think) every combination (dynamic and static in non-chroot environment, static+chroot, dynamic+chroot). Seemed to work but since Gustavo had problems with the other ebuild, this should be thoroughly tested.
Created attachment 69153 [details] files/torrc.sample-0.1.0.15.patch
*** Bug 107510 has been marked as a duplicate of this bug. ***
Using the dyn+chroot over here on x86 w/o problems.
*** Bug 113285 has been marked as a duplicate of this bug. ***
This would do well to include the dualpart service from bug #111140, however I do not see any obvious errors in these builds, although it is preferred to do: "emerge --config '=${CATEGORY}/${PF}'" than "emerge /var/lib... config"
0.1.0.16 has been out since January... figured I should put that here versus a new thread. :) http://tor.eff.org/download.html.en ~~ Andrew D.
*** Bug 111140 has been marked as a duplicate of this bug. ***
The chroot idea works very badly in tor, and I actually never managed to have it working ok. When a better way is available maybe then there will be a chroot tor.