gentoo-overlay/net-vpn/tor/tor-0.4.7.13-r1.ebuild

# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=8

PYTHON_COMPAT=( python3_{10..12} )
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/torproject.org.asc
inherit autotools python-any-r1 readme.gentoo-r1 systemd verify-sig

MY_PV="$(ver_rs 4 -)"
MY_PF="${PN}-${MY_PV}"
DESCRIPTION="Anonymizing overlay network for TCP"
HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/"
SRC_URI="
	https://www.torproject.org/dist/${MY_PF}.tar.gz
	https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
	verify-sig? (
		https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
		https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
	)
"
S="${WORKDIR}/${MY_PF}"

LICENSE="BSD GPL-2"
SLOT="0"
if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
	KEYWORDS="amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~ppc-macos"
fi
IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
RESTRICT="!test? ( test )"

DEPEND="
	>=dev-libs/libevent-2.1.12-r1:=[ssl]
	sys-libs/zlib
	caps? ( sys-libs/libcap )
	man? ( app-text/asciidoc )
	dev-libs/openssl:=[-bindist(-)]
	lzma? ( app-arch/xz-utils )
	scrypt? ( app-crypt/libscrypt )
	seccomp? ( >=sys-libs/libseccomp-2.4.1 )
	systemd? ( sys-apps/systemd )
	zstd? ( app-arch/zstd )
"
RDEPEND="
	acct-user/tor
	acct-group/tor
	${DEPEND}
	selinux? ( sec-policy/selinux-tor )
"
DEPEND+="
	test? (
		${DEPEND}
		${PYTHON_DEPS}
	)
"
BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20221213 )"

DOCS=()

PATCHES=(
	"${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
	"${FILESDIR}"/${PN}-0.4.7.13-libressl.patch
)

pkg_setup() {
	use test && python-any-r1_pkg_setup
}

src_unpack() {
	if use verify-sig; then
		cd "${DISTDIR}" || die
		verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
		verify-sig_verify_unsigned_checksums \
			${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
		cd "${WORKDIR}" || die
	fi

	default
}

src_prepare() {
	default

	# Running shellcheck automagically isn't useful for ebuild testing.
	echo "exit 0" > scripts/maint/checkShellScripts.sh || die

	# Only needed for libressl patch
	eautoreconf
}

src_configure() {
	use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )

	export ac_cv_lib_cap_cap_init=$(usex caps)
	export tor_cv_PYTHON="${EPYTHON}"

	local myeconfargs=(
		--localstatedir="${EPREFIX}/var"
		--disable-all-bugs-are-fatal
		--enable-system-torrc
		--disable-android
		--disable-coverage
		--disable-html-manual
		--disable-libfuzzer
		--enable-missing-doc-warnings
		--disable-module-dirauth
		--enable-pic
		--disable-restart-debugging

		# This option is enabled by default upstream w/ zstd, surprisingly.
		# zstd upstream says this shouldn't be relied upon and it may
		# break API & ABI at any point, so Tor tries to fake static-linking
		# to make it work, but then requires a rebuild on any new zstd version
		# even when its standard ABI hasn't changed.
		# See bug #727406 and bug #905708.
		--disable-zstd-advanced-apis

		$(use_enable man asciidoc)
		$(use_enable man manpage)
		$(use_enable lzma)
		$(use_enable scrypt libscrypt)
		$(use_enable seccomp)
		$(use_enable server module-relay)
		$(use_enable systemd)
		$(use_enable tor-hardening gcc-hardening)
		$(use_enable tor-hardening linker-hardening)
		$(use_enable test unittests)
		$(use_enable zstd)
	)

	econf "${myeconfargs[@]}"
}

src_install() {
	default
	readme.gentoo_create_doc

	newconfd "${FILESDIR}"/tor.confd tor
	newinitd "${FILESDIR}"/tor.initd-r9 tor
	systemd_dounit "${FILESDIR}"/tor.service

	keepdir /var/lib/tor

	fperms 750 /var/lib/tor
	fowners tor:tor /var/lib/tor

	insinto /etc/tor/
	newins "${FILESDIR}"/torrc-r2 torrc
}