From 422b4969210fb3146958b8b391d68fa9787628b3 Mon Sep 17 00:00:00 2001 From: AntiTree Date: Sun, 3 Jul 2016 13:36:43 -0400 Subject: [PATCH] Rebuilt Dockerfile to replace apt-get with a git clone updated torrc, docker-compose, and entrypoint scripts to reflect new users added ca-certificates to requirements, removed asciidocs --- Dockerfile | 52 ++++++++++++++++----------------------- config/torrc | 2 +- docker-compose.yml | 12 ++++----- scripts/da_fingerprint | 2 +- scripts/docker-entrypoint | 33 +++++-------------------- 5 files changed, 35 insertions(+), 66 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1bc8144..6a8c03f 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -24,40 +24,30 @@ ENV TOR_NICKNAME=Tor4 \ TOR_DIRPORT=9030 \ TOR_DIR=/tor -# Add the official torproject.org Debian Tor repository -# - this will always build/install the latest stable version -COPY ./config/tor-apt-sources.list /etc/apt/sources.list.d/ - -# Build & Install: -# - add the gpg key used to sign the packages -# - install build dependencies (and nano) -# - add a 'builder' user for compiling the package as a non-root user -# - build Tor in ~/debian-packages and install the new Tor package -# - backup torrc & cleanup all dependencies and caches -# - adds only 13 MB to the Debian base image (without obfsproxy, which adds another 60 MB) -# TODO: Allow selection of which version of tor to build -RUN gpg --keyserver keys.gnupg.net --recv 886DDD89 && \ - gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - && \ - apt-get update && \ - build_deps="build-essential fakeroot devscripts quilt libssl-dev zlib1g-dev libevent-dev \ - asciidoc docbook-xml docbook-xsl xmlto dh-apparmor libseccomp-dev dh-systemd \ - libsystemd-dev pkg-config dh-autoreconf hardening-includes" && \ +# Install build dependencies +RUN apt-get update && \ + build_deps="build-essential automake libssl-dev zlib1g-dev libevent-dev ca-certificates\ + dh-apparmor libseccomp-dev dh-systemd \ + git" && \ DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install $build_deps \ - obfsproxy \ - tor-geoipdb \ init-system-helpers \ - pwgen \ - nano && \ - adduser --disabled-password --gecos "" builder && \ - su builder -c 'mkdir -v ~/debian-packages; cd ~/debian-packages && \ - apt-get -y source tor && \ - cd tor-* && \ - debuild -rfakeroot -uc -us' && \ - dpkg -i /home/builder/debian-packages/tor_*.deb && \ - mv -v /etc/tor/torrc /etc/tor/torrc.default && \ - deluser --remove-home builder && \ + pwgen + +# Build tor +# clone the latest from the tor repos +# autogen, configure, make, and install tor +# cleanup after +RUN mkdir /src && \ + cd /src && \ + git clone 
https://git.torproject.org/tor.git && \ + cd tor && \ + ./autogen.sh && \ + ./configure --disable-asciidoc && \ + make && \ + make install && \ apt-get -y purge --auto-remove $build_deps && \ - apt-get clean && rm -r /var/lib/apt/lists/* + apt-get clean && rm -r /var/lib/apt/lists/* && \ + rm -rf /src/* # Copy the base tor configuration file COPY ./config/torrc* /etc/tor/ diff --git a/config/torrc b/config/torrc index a43cd26..49f453e 100644 --- a/config/torrc +++ b/config/torrc @@ -1,5 +1,5 @@ # Run Tor as a regular user (do not change this) -User debian-tor +#User debian-tor TestingTorNetwork 1 diff --git a/docker-compose.yml b/docker-compose.yml index d2fd26b..52adbcd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,7 @@ version: '2' services: da1: - image: antitree/private-tor + image: antitree/private-tor-test expose: - "7000" - "9030" @@ -11,7 +11,7 @@ services: ## Needed to keep track of other nodes - ./tor:/tor da2: - image: antitree/private-tor + image: antitree/private-tor-test expose: - "7000" - "9030" @@ -21,7 +21,7 @@ services: ## Needed to keep track of other nodes - ./tor:/tor da3: - image: antitree/private-tor + image: antitree/private-tor-test expose: - "7000" - "9030" @@ -31,7 +31,7 @@ services: ## Needed to keep track of other nodes - ./tor:/tor relay: - image: antitree/private-tor + image: antitree/private-tor-test expose: - "7000" - "9030" @@ -45,7 +45,7 @@ services: - da2 - da3 exit: - image: antitree/private-tor + image: antitree/private-tor-test expose: - "7000" - "9030" @@ -59,7 +59,7 @@ services: - da2 - da3 client: - image: antitree/private-tor + image: antitree/private-tor-test ports: # Setups a listener on host machine - "9050:9050" diff --git a/scripts/da_fingerprint b/scripts/da_fingerprint index 55c152f..7f37a99 100755 --- a/scripts/da_fingerprint +++ b/scripts/da_fingerprint 
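Review bot: `apt-get -y purge --auto-remove $build_deps` in the second RUN expands to an empty package list, because `build_deps` is a shell variable assigned inside the first RUN and does not survive into the next layer, so git, build-essential and the -dev packages stay in the final image and the purge is effectively a no-op. Either fold the clone/build into the first RUN or declare the list once as `ARG BUILD_DEPS="..."` and reference `$BUILD_DEPS` from both RUN lines. Separately, `git clone https://git.torproject.org/tor.git` builds whatever the default branch holds at build time, with no tag or commit pinned and no signature check, so two builds can yield different tor versions; pin it, e.g. `git clone --branch <TOR_RELEASE_TAG> --depth 1 https://git.torproject.org/tor.git`, and record the version in the image. Once the purge actually works, `--auto-remove` on libevent-dev/libssl-dev may also take the runtime libevent/libssl libraries with it if nothing else in the image depends on them, so the installed `tor` should be started once after the purge to confirm it still links.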
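Review bot: Commenting out `User debian-tor` removes the privilege drop, so tor now runs as whatever user the container starts as — root unless the image adds a USER directive, and none is visible in this patch — while the comment directly above, `# Run Tor as a regular user (do not change this)`, still says the opposite. Since the rebuilt Dockerfile installs from source and no longer provides the debian-tor account, the better fix is to create an unprivileged account in the Dockerfile (`adduser --system --group tor`) and keep `User tor` here, rather than dropping the setting. If running as the container user is intended, at least replace the stale comment with one that says so, e.g. `# No User line: tor runs as the container's user; set one here if the image adds a dedicated account`.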
@@ -7,6 +7,6 @@ RELAY=$(cat $TOR_DIR/$TOR_NICK/fingerprint|awk -F " " '{print $2}') SERVICE=$(grep "dir-address" $TOR_DIR/$TOR_NICK/keys/* | awk -F " " '{print $2}') IPADDR=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') -TORRC="DirAuthority $NICK orport=${TOR_ORPORT} no-v2 v3ident=$AUTH $SERVICE $RELAY" +TORRC="DirAuthority $TOR_NICK orport=${TOR_ORPORT} no-v2 v3ident=$AUTH $SERVICE $RELAY" echo $TORRC diff --git a/scripts/docker-entrypoint b/scripts/docker-entrypoint index 88e51f9..3a88ad6 100755 --- a/scripts/docker-entrypoint +++ b/scripts/docker-entrypoint 
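Review bot: The new `TORRC=...` line, together with the `echo $TORRC` after it, still emits a DirAuthority entry when `$SERVICE` or `$RELAY` is empty, which is what happens when the fingerprint file or keys directory under `$TOR_DIR/$TOR_NICK` does not exist yet; the result is a malformed line that is presumably appended to a torrc by the caller without any error. Add a guard before building the string, `[ -n "$RELAY" ] && [ -n "$SERVICE" ] || { echo "da_fingerprint: no fingerprint/dir-address for $TOR_NICK" >&2; exit 1; }`, and emit with `printf '%s\n' "$TORRC"` so the unquoted echo cannot word-split or glob the value. The top of the script, where TOR_DIR, TOR_NICK and AUTH are set, is outside the hunk.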
@@ -3,35 +3,18 @@ set -o errexit # Fudge the sleep to try and keep the consensus #FUDGE=$(( ( RANDOM % 100) + 20 )) -FUDGE=30 +FUDGE=3 echo -e "\n========================================================" -# If DataDirectory or secret_id_key is mounted here, it must be owned by the debian-tor user -chown -Rv debian-tor:debian-tor ${TOR_DIR} if [ ! -e /tor-config-done ]; then touch /tor-config-done # only run this once - # Add a Nickname, if none has been set in torrc - if ! grep -q '^Nickname ' /etc/tor/torrc; then - if [ ${TOR_NICKNAME} == "Tor4" ]; then - # if user did not change the default Nickname, genetrate a random pronounceable one - RPW=$(pwgen -0A 10) - export TOR_NICKNAME=${ROLE}${RPW} - echo "Setting random Nickname: ${TOR_NICKNAME}" - else - echo "Setting chosen Nickname: ${TOR_NICKNAME}" - fi - echo -e "\nNickname ${TOR_NICKNAME}" >> /etc/tor/torrc - fi - - # Add ContactInfo from env variable, if none has been set in torrc - if ! grep -q '^ContactInfo ' /etc/tor/torrc; then - if [ -n "${CONTACT_EMAIL}" ]; then - echo "Setting Contact Email: ${CONTACT_EMAIL}" - echo -e "\nContactInfo ${CONTACT_EMAIL}" >> /etc/tor/torrc - fi - fi + # Generate a random name + RPW=$(pwgen -0A 10) + export TOR_NICKNAME=${ROLE}${RPW} + echo "Setting random Nickname: ${TOR_NICKNAME}" + echo -e "\nNickname ${TOR_NICKNAME}" >> /etc/tor/torrc # Host specific modifications to the torrc file echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc @@ -43,7 +26,6 @@ if [ ! -e /tor-config-done ]; then fi echo -e "HashedControlPassword ${TOR_CONTROL_PWD}" >> /etc/tor/torrc - # Changes to the torrc file based on the desired role case ${ROLE} in DA) 
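Review bot: The replacement block unconditionally overwrites `TOR_NICKNAME` with `${ROLE}${RPW}`, so a nickname supplied through the environment (the Dockerfile hunk still sets `ENV TOR_NICKNAME=Tor4` as a user-facing default) or already present in torrc is discarded, whereas the removed code only randomised when the value was still the default. Keeping the outer check, `if [ "${TOR_NICKNAME:-Tor4}" = "Tor4" ]; then … fi` around the three new lines, preserves both behaviours. The ContactInfo branch was also removed without mention in the commit message, so `CONTACT_EMAIL` is now silently ignored; if that is intended, a one-line comment saying so would stop the next reader from looking for the bug. `FUDGE=30` → `FUDGE=3` changes a tuning value whose comment only says it is a fudge for the consensus, so a note on why 3 seconds is sufficient (or on it being a test setting) belongs next to it. The enclosing `if [ ! -e /tor-config-done ]` block continues past the hunk.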
@@ -54,13 +36,11 @@ if [ ! -e /tor-config-done ]; then echo -e "ExitPolicy accept *:*" >> /etc/tor/torrc KEYPATH=${TOR_DIR}/${TOR_NICKNAME}/keys mkdir -p ${KEYPATH} - chown -Rv debian-tor:debian-tor ${TOR_DIR} echo "password" | tor-gencert --create-identity-key -m 12 -a ${TOR_IP}:${TOR_DIRPORT} \ -i ${KEYPATH}/authority_identity_key \ -s ${KEYPATH}/authority_signing_key \ -c ${KEYPATH}/authority_certificate \ --passphrase-fd 0 - chown -Rv debian-tor:debian-tor ${TOR_DIR} tor --list-fingerprint --orport 1 \ --dirserver "x 127.0.0.1:1 ffffffffffffffffffffffffffffffffffffffff" \ --datadirectory ${TOR_DIR}/${TOR_NICKNAME} @@ -97,7 +77,6 @@ if [ ! -e /tor-config-done ]; then sleep $FUDGE cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc - fi echo -e "\n========================================================"