author | Martin Wilke <miwi@FreeBSD.org> | 2006-07-22 09:47:54 +0000 |
---|---|---|
committer | Martin Wilke <miwi@FreeBSD.org> | 2006-07-22 09:47:54 +0000 |
commit | 4fb2a83de5d1f7a5cb220af8804e84a58777aef8 (patch) | |
tree | df523783dd1dffd0ca613d97cde4ff5f3c905bdc /security/dns-proxy-tor | |
parent | d8705e4fa325173b07c5d77cf8f7aab50a58ae28 (diff) |
Notes
Diffstat (limited to 'security/dns-proxy-tor')
-rw-r--r-- | security/dns-proxy-tor/Makefile | 45 | ||||
-rw-r--r-- | security/dns-proxy-tor/distinfo | 3 | ||||
-rw-r--r-- | security/dns-proxy-tor/files/dns-proxy-tor.in | 70 | ||||
-rw-r--r-- | security/dns-proxy-tor/files/pkg-message.in | 48 | ||||
-rw-r--r-- | security/dns-proxy-tor/pkg-deinstall | 62 | ||||
-rw-r--r-- | security/dns-proxy-tor/pkg-descr | 9 | ||||
-rw-r--r-- | security/dns-proxy-tor/pkg-install | 36 | ||||
-rw-r--r-- | security/dns-proxy-tor/pkg-plist | 9 |
8 files changed, 282 insertions, 0 deletions
diff --git a/security/dns-proxy-tor/Makefile b/security/dns-proxy-tor/Makefile
new file mode 100644
index 000000000000..d966fb5a20b6
--- /dev/null
+++ b/security/dns-proxy-tor/Makefile
@@ -0,0 +1,45 @@
+# ports collection makefile for: dns-proxy-tor
+# Date created: 2006-06-11
+# Whom: Fabian Keil <fk@fabiankeil.de>
+#
+# $FreeBSD$
+#
+
+PORTNAME= dns-proxy-tor
+PORTVERSION= 0.0.9
+CATEGORIES= security dns
+MASTER_SITES= http://p56soo2ibjkx23xo.onion/ \
+ http://www.fabiankeil.de/sourcecode/freebsd/
+DISTNAME= trans-proxy-tor-${PORTVERSION}
+
+MAINTAINER= fk@fabiankeil.de
+COMMENT= Resolves DNS requests through Tor
+
+RUN_DEPENDS= ${LOCALBASE}/bin/tor:${PORTSDIR}/security/tor-devel
+USE_PERL5_RUN= yes
+USE_RC_SUBR= ${PORTNAME}
+
+DOCSDIR= ${PREFIX}/share/doc/${PORTNAME}
+SUB_FILES= pkg-message
+
+do-build:
+pre-install:
+ PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+do-install:
+ ${INSTALL} ${WRKSRC}/${PORTNAME} ${PREFIX}/bin/
+
+.if !defined(NOPORTDOCS)
+ ${MKDIR} ${DOCSDIR}
+.for file in LICENSE README changelog filter-examples
+ ${INSTALL_MAN} ${WRKSRC}/${file} ${DOCSDIR}
+.endfor
+ ${CHOWN} -R _dns-proxy-tor:_dns-proxy-tor ${DOCSDIR}
+
+.endif
+
+post-install:
+ ${MKDIR} ${PREFIX}/var/run/${PORTNAME}
+ ${CHOWN} _dns-proxy-tor:_dns-proxy-tor ${PREFIX}/var/run/${PORTNAME}
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
diff --git a/security/dns-proxy-tor/distinfo b/security/dns-proxy-tor/distinfo
new file mode 100644
index 000000000000..e8f738117246
--- /dev/null
+++ b/security/dns-proxy-tor/distinfo
@@ -0,0 +1,3 @@
+MD5 (trans-proxy-tor-0.0.9.tar.gz) = b023f2a01dbcaa4334c05a0b9903044a
+SHA256 (trans-proxy-tor-0.0.9.tar.gz) = 02bc0b1b897c57f488edeccd5bb68fd81f04ef5e8f3323af1471d74452e75697
+SIZE (trans-proxy-tor-0.0.9.tar.gz) = 25553
diff --git a/security/dns-proxy-tor/files/dns-proxy-tor.in b/security/dns-proxy-tor/files/dns-proxy-tor.in
new file mode 100644
index 000000000000..20c39e064330
--- /dev/null
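Review bot: In the Makefile's do-install, `${CHOWN} -R _dns-proxy-tor:_dns-proxy-tor ${DOCSDIR}` hands the installed documentation to the account the daemon runs as, so the service could rewrite files under share/doc that administrators read, including the filter-examples the package message quotes. Nothing visible in the port needs the daemon to write there, so I would drop that line and leave the docs root-owned. The chown is also not mirrored in pkg-plist, so a package install and a port install would end up with different ownership. The same target installs the script with bare `${INSTALL}` and the text files with `${INSTALL_MAN}`; `${INSTALL_SCRIPT} ${WRKSRC}/${PORTNAME} ${PREFIX}/bin/` and `${INSTALL_DATA} ${WRKSRC}/${file} ${DOCSDIR}` state the intended mode explicitly.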
+++ b/security/dns-proxy-tor/files/dns-proxy-tor.in 
@@ -0,0 +1,70 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: dns-proxy-tor
+# REQUIRE: tor
+# BEFORE: LOGIN
+#
+# This rc script understands the following options which are read from /etc/rc.conf:
+#
+# dns_proxy_tor_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable dns-proxy-tor.
+# dns_proxy_tor_user (str): dns-proxy-tor Daemon user. Default is _dns-proxy-tor.
+# dns_proxy_tor_group (str): dns-proxy-tor Daemon group. Default is _dns-proxy-tor.
+# dns_proxy_tor_start_privileged (bool): Set to "NO" by default. If set to "YES", dns-proxy-tor
+# will be started as root and drop privileges itself.
+# You need to set this option if you want dns-proxy-tor
+# to bind to a reserved port. Do not set dns_proxy_user
+# to "root".
+# dns_proxy_tor_bind_port (str): Set to 5353 by default.
+# dns_proxy_tor_socks_resolve (bool): Set to "NO" by default.
+# Set it to "YES" to let dns-proxy-tor return real
+# IP adresses instead of virtual ones that only work
+# through Tor.
+# dns_proxy_tor_logfile (str): Default is "/var/log/dns-proxy-tor.log". Created if necessary.
+# dns_proxy_tor_loglevel (str): Default is "info". For other values read perldoc dns-proxy-tor.
+#
+# dns_proxy_tor_ctrl_addr_and_port( str): Tor's IP and control port. Default is "127.0.0.1:9051".
+# dns_proxy_tor_socks_addr_and_port(str): Tor's IP and socks port. Default is "127.0.0.1:9050".
+
+. %%RC_SUBR%%
+
+name="dns_proxy_tor"
+rcvar=${name}_enable
+command_interpreter="/usr/bin/perl"
+load_rc_config ${name}
+
+: ${dns_proxy_tor_enable="NO"}
+: ${dns_proxy_tor_user="_dns-proxy-tor"}
+: ${dns_proxy_tor_group="_dns-proxy-tor"}
+: ${dns_proxy_tor_bind_addr="127.0.0.1"}
+: ${dns_proxy_tor_bind_port="5353"}
+: ${dns_proxy_tor_start_privileged="NO"}
+: ${dns_proxy_tor_logfile="/var/log/dns-proxy-tor.log"}
+: ${dns_proxy_tor_loglevel="info"}
+: ${dns_proxy_tor_socks_resolve="NO"}
+: ${dns_proxy_tor_ctrl_addr_and_port="127.0.0.1:9051"}
+: ${dns_proxy_tor_socks_addr_and_port="127.0.0.1:9050"}
+: ${pidfile="%%PREFIX%%/var/run/dns-proxy-tor/dns-proxy-tor.pid"}
+
+start_precmd="if [ ! -e ${dns_proxy_tor_logfile} ]; then\
+ echo Creating ${dns_proxy_tor_logfile};\
+ touch ${dns_proxy_tor_logfile};\
+ chown ${dns_proxy_tor_user}:${dns_proxy_tor_group} ${dns_proxy_tor_logfile};\
+fi"
+
+command="%%PREFIX%%/bin/dns-proxy-tor"
+command_args="-b ${dns_proxy_tor_bind_addr}:${dns_proxy_tor_bind_port} -p ${pidfile}\
+ -v ${dns_proxy_tor_loglevel} -l ${dns_proxy_tor_logfile} -t ${dns_proxy_tor_ctrl_addr_and_port}"
+
+if [ x$dns_proxy_tor_socks_resolve != xNO ]; then
+ command_args="${command_args} -s ${dns_proxy_tor_socks_addr_and_port}"
+fi
+
+if [ x$dns_proxy_tor_start_privileged != xNO ]; then
+ command_args="${command_args} -u ${dns_proxy_tor_user}:${dns_proxy_tor_user}"
+ dns_proxy_tor_user="root"
+fi
+
+run_rc_command "$1"
diff --git a/security/dns-proxy-tor/files/pkg-message.in b/security/dns-proxy-tor/files/pkg-message.in
new file mode 100644
index 000000000000..0c8483ba32d5
--- /dev/null
+++ b/security/dns-proxy-tor/files/pkg-message.in
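Review bot: In the `dns_proxy_tor_start_privileged` branch of the rc script the privilege-drop argument is built as `-u ${dns_proxy_tor_user}:${dns_proxy_tor_user}`, so what is presumably the group half carries the user name and `dns_proxy_tor_group` is ignored; it only works while both keep the same default. It should read `command_args="${command_args} -u ${dns_proxy_tor_user}:${dns_proxy_tor_group}"`. The header comment has matching slips: it warns about `dns_proxy_user` where the variable is `dns_proxy_tor_user`, and `dns_proxy_tor_bind_addr` is given a default but never documented. `start_precmd` also runs `touch` and `chown` on an unquoted `${dns_proxy_tor_logfile}`, presumably as root, so the comment should say that a custom log path must sit in a directory only root can write to.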
@@ -0,0 +1,48 @@
+
+Before running dns-proxy-tor you have to add:
+
+ ControlPort 9051
+
+in Tor's configuration file (usually: %%PREFIX%%/etc/tor/torrc).
+
+By default dns-proxy-tor binds to port 5353,
+you can use PF to make sure DNS requests get there:
+
+ # Example taken from %%DOCSDIR%%/filter-examples
+ # redirect dns traffic from both into the dns proxy
+ rdr pass on { lo1 $int_if } inet proto udp to port domain \
+ -> 127.0.0.1 port $dns_proxy
+ # reroute loopback dns queries
+ pass out quick on lo0 route-to lo1 inet proto udp to port domain keep state
+ # skip all other loopback traffic
+ pass quick on lo0 keep state
+ # reroute locally generated dns trying to leave on the external interface
+ pass out on $ext_if route-to lo1 inet proto udp to port domain keep state
+
+Add:
+
+ cloned_interfaces="lo1"
+ ifconfig_lo1="127.0.0.2 up"
+
+to /etc/rc.conf to create and configure lo1 on boot, add
+
+ dns_proxy_tor_enable="YES"
+
+to start dns-proxy-tor on boot as well. If you want dns-proxy-tor
+to bind to the standard port 53, additionally use:
+
+ dns_proxy_tor_start_privileged="YES"
+ dns_proxy_tor_bind_port="53"
+
+Have a look at %%PREFIX%%/etc/rc.d/dns-proxy-tor
+to see the other optional variables you can use.
+
+dns-proxy-tor's README, LICENSE and changelog were copied to
+%%DOCSDIR%%, note that they also contain
+information about trans-proxy-tor which has its own port.
+
+Run:
+
+ perldoc dns-proxy-tor
+
+to see how to use dns-proxy-tor without the rc file.
diff --git a/security/dns-proxy-tor/pkg-deinstall b/security/dns-proxy-tor/pkg-deinstall
new file mode 100644
index 000000000000..3879855095d3
--- /dev/null
+++ b/security/dns-proxy-tor/pkg-deinstall
@@ -0,0 +1,62 @@
+#! /bin/sh
+#
+# Taken from net/cvsup-mirror
+
+PATH=/bin:/usr/sbin
+
+DNS_PROXY_TOR_USER=_dns-proxy-tor
+DNS_PROXY_TOR_GROUP=_dns-proxy-tor
+
+ask() {
+ local question default answer
+
+ question=$1
+ default=$2
+ if [ -z "${PACKAGE_BUILDING}" -a -z "${BATCH}" ]; then
+ read -p "${question} [${default}]? " answer
+ fi
+ if [ x${answer} = x ]; then
+ answer=${default}
+ fi
+ echo ${answer}
+}
+
+yesno() {
+ local dflt question answer
+
+ question=$1
+ dflt=$2
+ while :; do
+ answer=$(ask "${question}" "${dflt}")
+ case "${answer}" in
+ [Yy]*) return 0;;
+ [Nn]*) return 1;;
+ esac
+ echo "Please answer yes or no."
+ done
+}
+
+delete_account() {
+ local u g home
+
+ u=$1
+ g=$2
+ if yesno "Do you want me to remove group \"${g}\"" y; then
+ pw groupdel -n ${g}
+ echo "Done."
+ fi
+ if yesno "Do you want me to remove user \"${u}\"" y; then
+ eval home=~${u}
+ pw userdel -n ${u}
+ echo "Done."
+ if [ -d "${home}" ]; then
+ echo "Please remember to remove the home directory \"${home}\""
+ fi
+ fi
+}
+
+if [ x$2 != xDEINSTALL ]; then
+ exit
+fi
+
+delete_account ${DNS_PROXY_TOR_USER} ${DNS_PROXY_TOR_GROUP}
diff --git a/security/dns-proxy-tor/pkg-descr b/security/dns-proxy-tor/pkg-descr
new file mode 100644
index 000000000000..3e3300b19a86
--- /dev/null
+++ b/security/dns-proxy-tor/pkg-descr
@@ -0,0 +1,9 @@
+dns-proxy-tor is a DNS server that stops
+DNS leaks with applications that don't support
+or aren't configured to use socks4a or Tor's DNS
+resolution.
+
+WWW: http://http://p56soo2ibjkx23xo.onion/
+(Hidden service, only accessible through Tor)
+Author: tup <tup at mailvault.com>
+License: None (dns-proxy-tor is in the public domain)
diff --git a/security/dns-proxy-tor/pkg-install b/security/dns-proxy-tor/pkg-install
new file mode 100644
index 000000000000..90d0bad91455
--- /dev/null
+++ b/security/dns-proxy-tor/pkg-install
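Review bot: `eval home=~${u}` in pkg-deinstall's delete_account is safe only because `u` is the hard-coded `DNS_PROXY_TOR_USER`, and the script removes accounts with `pw`, so it presumably runs as root. I would put a comment such as `# u is a fixed constant; never feed external input to this eval` above that line. The tests `[ x${answer} = x ]` and `[ x$2 != xDEINSTALL ]` leave their operands unquoted, so a multi-word reply at the prompt makes `[` print an error; `[ -z "${answer}" ]` and `[ "x$2" != xDEINSTALL ]` avoid that. With `BATCH` or `PACKAGE_BUILDING` set, `ask` skips the prompt and both removals proceed on the default `y`, which deserves a line in the header comment.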
@@ -0,0 +1,36 @@
+#!/bin/sh
+# Taken from security/tor
+
+if [ x"$2" = xPRE-INSTALL ]; then
+ USER="_dns-proxy-tor"
+ UID="257"
+ GROUP="_dns-proxy-tor"
+ GID="257"
+
+ if /usr/sbin/pw groupshow "${GROUP}" 2>/dev/null; then
+ echo "You already have a group \"${GROUP}\", so I will use it."
+ else
+ if /usr/sbin/pw groupadd ${GROUP} -g ${GID}; then
+ echo "Added group \"${GROUP}\"."
+ else
+ echo "Adding group \"${GROUP}\" failed..."
+ echo "Please create it, and try again."
+ exit 1
+ fi
+ fi
+
+ if /usr/sbin/pw user show "${USER}" 2>/dev/null; then
+ echo "You already have a user \"${USER}\", so I will use it."
+ else
+ if /usr/sbin/pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \
+ -d /nonexistent \
+ -s /sbin/nologin \
+ -c "dns-proxy-tor user"; then
+ echo "Added user \"${USER}\"."
+ else
+ echo "Adding user \"${USER}\" failed..."
+ echo "Please create it, and try again."
+ exit 1
+ fi
+ fi
+fi
diff --git a/security/dns-proxy-tor/pkg-plist b/security/dns-proxy-tor/pkg-plist
new file mode 100644
index 000000000000..75046c5331aa
--- /dev/null
+++ b/security/dns-proxy-tor/pkg-plist
@@ -0,0 +1,9 @@
+bin/dns-proxy-tor
+%%PORTDOCS%%%%DOCSDIR%%/LICENSE
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/changelog
+%%PORTDOCS%%%%DOCSDIR%%/filter-examples
+@dirrmtry %%PORTDOCS%%%%DOCSDIR%%
+@exec mkdir -p %D/var/run/dns-proxy-tor
+@exec chown _dns-proxy-tor:_dns-proxy-tor %D/var/run/dns-proxy-tor
+@dirrmtry var/run/dns-proxy-tor |
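Review bot: When `pw groupshow` or `pw user show` succeeds, pkg-install reuses whatever `_dns-proxy-tor` account already exists without checking its uid, shell or home, so the daemon and the later `chown` calls may end up tied to an account that has a login shell or an id other than the `257` assumed here. The "so I will use it" message should at least state that the existing entry is taken as-is, or the script should compare it against `UID`/`GID` and warn on a mismatch. Both lookups discard only stderr, so the matching group or passwd line is printed during install; `>/dev/null 2>&1` would limit the output to the script's own messages. `${GROUP}`, `${GID}`, `${USER}` and `${UID}` are unquoted in the `groupadd`/`useradd` calls although the lookups quote them.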