diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security/tor/default.nix')
-rw-r--r-- | nixpkgs/pkgs/tools/security/tor/default.nix | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/tor/default.nix b/nixpkgs/pkgs/tools/security/tor/default.nix new file mode 100644 index 000000000000..76bfee421968 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tor/default.nix @@ -0,0 +1,119 @@ +{ lib, stdenv, fetchurl, pkg-config, libevent, openssl, zlib, torsocks +, libseccomp, systemd, libcap, xz, zstd, scrypt, nixosTests +, writeShellScript + +# for update.nix +, writeScript +, common-updater-scripts +, bash +, coreutils +, curl +, gnugrep +, gnupg +, gnused +, nix +}: +let + tor-client-auth-gen = writeShellScript "tor-client-auth-gen" '' + PATH="${lib.makeBinPath [coreutils gnugrep openssl]}" + pem="$(openssl genpkey -algorithm x25519)" + + printf private_key=descriptor:x25519: + echo "$pem" | grep -v " PRIVATE KEY" | + base64 -d | tail --bytes=32 | base32 | tr -d = + + printf public_key=descriptor:x25519: + echo "$pem" | openssl pkey -in /dev/stdin -pubout | + grep -v " PUBLIC KEY" | + base64 -d | tail --bytes=32 | base32 | tr -d = + ''; +in +stdenv.mkDerivation rec { + pname = "tor"; + version = "0.4.6.9"; + + src = fetchurl { + url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; + sha256 = "1ad99k4wysxrnlaprv7brxr2nc0h5zdnrh0rma10pqlck2037sf7"; + }; + + outputs = [ "out" "geoip" ]; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ libevent openssl zlib xz zstd scrypt ] ++ + lib.optionals stdenv.isLinux [ libseccomp systemd libcap ]; + + patches = [ ./disable-monotonic-timer-tests.patch ]; + + # cross compiles correctly but needs the following + configureFlags = lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) + "--disable-tool-name-check"; + + NIX_CFLAGS_LINK = lib.optionalString stdenv.cc.isGNU "-lgcc_s"; + + postPatch = '' + substituteInPlace contrib/client-tools/torify \ + --replace 'pathfind torsocks' true \ + --replace 'exec torsocks' 'exec ${torsocks}/bin/torsocks' + + patchShebangs ./scripts/maint/checkShellScripts.sh + ''; + + enableParallelBuilding = true; + + # disable tests on aarch64-darwin, the following tests fail there: + # oom/circbuf: [forking] + # FAIL src/test/test_oom.c:187: assert(c1->marked_for_close) + # [circbuf FAILED] + # oom/streambuf: [forking] + # FAIL src/test/test_oom.c:287: assert(x_ OP_GE 500 - 5): 0 vs 495 + # [streambuf FAILED] + doCheck = !(stdenv.isDarwin && stdenv.isAarch64); + + postInstall = '' + mkdir -p $geoip/share/tor + mv $out/share/tor/geoip{,6} $geoip/share/tor + rm -rf $out/share/tor + ln -s ${tor-client-auth-gen} $out/bin/tor-client-auth-gen + ''; + + passthru = { + tests.tor = nixosTests.tor; + updateScript = import ./update.nix { + inherit lib; + inherit + writeScript + common-updater-scripts + bash + coreutils + curl + gnupg + gnugrep + gnused + nix + ; + }; + }; + + meta = with lib; { + homepage = "https://www.torproject.org/"; + repositories.git = "https://git.torproject.org/git/tor"; + description = "Anonymizing overlay network"; + + longDescription = '' + Tor helps improve your privacy by bouncing your communications around a + network of relays run by volunteers all around the world: it makes it + harder for somebody watching your Internet connection to learn what sites + you visit, and makes it harder for the sites you visit to track you. Tor + works with many of your existing applications, including web browsers, + instant messaging clients, remote login, and other applications based on + the TCP protocol. + ''; + + license = licenses.bsd3; + + maintainers = with maintainers; + [ thoughtpolice joachifm prusnak ]; + platforms = platforms.unix; + }; +} |