Rebuilt Dockerfile to replace apt-get with a git clone

updated torrc, docker-compose, and entrypoint scripts to reflect new users
added ca-certificates to requirements, removed asciidocs
This commit is contained in:
AntiTree 2016-07-03 13:36:43 -04:00
parent 8690f647e3
commit 422b496921
5 changed files with 35 additions and 66 deletions

View File

@ -24,40 +24,30 @@ ENV TOR_NICKNAME=Tor4 \
TOR_DIRPORT=9030 \ TOR_DIRPORT=9030 \
TOR_DIR=/tor TOR_DIR=/tor
# Add the official torproject.org Debian Tor repository # Install build dependencies
# - this will always build/install the latest stable version RUN apt-get update && \
COPY ./config/tor-apt-sources.list /etc/apt/sources.list.d/ build_deps="build-essential automake libssl-dev zlib1g-dev libevent-dev ca-certificates\
dh-apparmor libseccomp-dev dh-systemd \
# Build & Install: git" && \
# - add the gpg key used to sign the packages
# - install build dependencies (and nano)
# - add a 'builder' user for compiling the package as a non-root user
# - build Tor in ~/debian-packages and install the new Tor package
# - backup torrc & cleanup all dependencies and caches
# - adds only 13 MB to the Debian base image (without obfsproxy, which adds another 60 MB)
# TODO: Allow selection of which version of tor to build
RUN gpg --keyserver keys.gnupg.net --recv 886DDD89 && \
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - && \
apt-get update && \
build_deps="build-essential fakeroot devscripts quilt libssl-dev zlib1g-dev libevent-dev \
asciidoc docbook-xml docbook-xsl xmlto dh-apparmor libseccomp-dev dh-systemd \
libsystemd-dev pkg-config dh-autoreconf hardening-includes" && \
DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install $build_deps \ DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install $build_deps \
obfsproxy \
tor-geoipdb \
init-system-helpers \ init-system-helpers \
pwgen \ pwgen
nano && \
adduser --disabled-password --gecos "" builder && \ # Build tor
su builder -c 'mkdir -v ~/debian-packages; cd ~/debian-packages && \ # clone the latest from the tor repos
apt-get -y source tor && \ # autogen, configure, make, and install tor
cd tor-* && \ # cleanup after
debuild -rfakeroot -uc -us' && \ RUN mkdir /src && \
dpkg -i /home/builder/debian-packages/tor_*.deb && \ cd /src && \
mv -v /etc/tor/torrc /etc/tor/torrc.default && \ git clone https://git.torproject.org/tor.git && \
deluser --remove-home builder && \ cd tor && \
./autogen.sh && \
./configure --disable-asciidoc && \
make && \
make install && \
apt-get -y purge --auto-remove $build_deps && \ apt-get -y purge --auto-remove $build_deps && \
apt-get clean && rm -r /var/lib/apt/lists/* apt-get clean && rm -r /var/lib/apt/lists/* && \
rm -rf /src/*
# Copy the base tor configuration file # Copy the base tor configuration file
COPY ./config/torrc* /etc/tor/ COPY ./config/torrc* /etc/tor/

View File

@ -1,5 +1,5 @@
# Run Tor as a regular user (do not change this) # Run Tor as a regular user (do not change this)
User debian-tor #User debian-tor
TestingTorNetwork 1 TestingTorNetwork 1

View File

@ -1,7 +1,7 @@
version: '2' version: '2'
services: services:
da1: da1:
image: antitree/private-tor image: antitree/private-tor-test
expose: expose:
- "7000" - "7000"
- "9030" - "9030"
@ -11,7 +11,7 @@ services:
## Needed to keep track of other nodes ## Needed to keep track of other nodes
- ./tor:/tor - ./tor:/tor
da2: da2:
image: antitree/private-tor image: antitree/private-tor-test
expose: expose:
- "7000" - "7000"
- "9030" - "9030"
@ -21,7 +21,7 @@ services:
## Needed to keep track of other nodes ## Needed to keep track of other nodes
- ./tor:/tor - ./tor:/tor
da3: da3:
image: antitree/private-tor image: antitree/private-tor-test
expose: expose:
- "7000" - "7000"
- "9030" - "9030"
@ -31,7 +31,7 @@ services:
## Needed to keep track of other nodes ## Needed to keep track of other nodes
- ./tor:/tor - ./tor:/tor
relay: relay:
image: antitree/private-tor image: antitree/private-tor-test
expose: expose:
- "7000" - "7000"
- "9030" - "9030"
@ -45,7 +45,7 @@ services:
- da2 - da2
- da3 - da3
exit: exit:
image: antitree/private-tor image: antitree/private-tor-test
expose: expose:
- "7000" - "7000"
- "9030" - "9030"
@ -59,7 +59,7 @@ services:
- da2 - da2
- da3 - da3
client: client:
image: antitree/private-tor image: antitree/private-tor-test
ports: ports:
# Setups a listener on host machine # Setups a listener on host machine
- "9050:9050" - "9050:9050"

View File

@ -7,6 +7,6 @@ RELAY=$(cat $TOR_DIR/$TOR_NICK/fingerprint|awk -F " " '{print $2}')
SERVICE=$(grep "dir-address" $TOR_DIR/$TOR_NICK/keys/* | awk -F " " '{print $2}') SERVICE=$(grep "dir-address" $TOR_DIR/$TOR_NICK/keys/* | awk -F " " '{print $2}')
IPADDR=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') IPADDR=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
TORRC="DirAuthority $NICK orport=${TOR_ORPORT} no-v2 v3ident=$AUTH $SERVICE $RELAY" TORRC="DirAuthority $TOR_NICK orport=${TOR_ORPORT} no-v2 v3ident=$AUTH $SERVICE $RELAY"
echo $TORRC echo $TORRC

View File

@ -3,35 +3,18 @@ set -o errexit
# Fudge the sleep to try and keep the consensus # Fudge the sleep to try and keep the consensus
#FUDGE=$(( ( RANDOM % 100) + 20 )) #FUDGE=$(( ( RANDOM % 100) + 20 ))
FUDGE=30 FUDGE=3
echo -e "\n========================================================" echo -e "\n========================================================"
# If DataDirectory or secret_id_key is mounted here, it must be owned by the debian-tor user
chown -Rv debian-tor:debian-tor ${TOR_DIR}
if [ ! -e /tor-config-done ]; then if [ ! -e /tor-config-done ]; then
touch /tor-config-done # only run this once touch /tor-config-done # only run this once
# Add a Nickname, if none has been set in torrc # Generate a random name
if ! grep -q '^Nickname ' /etc/tor/torrc; then
if [ ${TOR_NICKNAME} == "Tor4" ]; then
# if user did not change the default Nickname, genetrate a random pronounceable one
RPW=$(pwgen -0A 10) RPW=$(pwgen -0A 10)
export TOR_NICKNAME=${ROLE}${RPW} export TOR_NICKNAME=${ROLE}${RPW}
echo "Setting random Nickname: ${TOR_NICKNAME}" echo "Setting random Nickname: ${TOR_NICKNAME}"
else
echo "Setting chosen Nickname: ${TOR_NICKNAME}"
fi
echo -e "\nNickname ${TOR_NICKNAME}" >> /etc/tor/torrc echo -e "\nNickname ${TOR_NICKNAME}" >> /etc/tor/torrc
fi
# Add ContactInfo from env variable, if none has been set in torrc
if ! grep -q '^ContactInfo ' /etc/tor/torrc; then
if [ -n "${CONTACT_EMAIL}" ]; then
echo "Setting Contact Email: ${CONTACT_EMAIL}"
echo -e "\nContactInfo ${CONTACT_EMAIL}" >> /etc/tor/torrc
fi
fi
# Host specific modifications to the torrc file # Host specific modifications to the torrc file
echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc
@ -43,7 +26,6 @@ if [ ! -e /tor-config-done ]; then
fi fi
echo -e "HashedControlPassword ${TOR_CONTROL_PWD}" >> /etc/tor/torrc echo -e "HashedControlPassword ${TOR_CONTROL_PWD}" >> /etc/tor/torrc
# Changes to the torrc file based on the desired role # Changes to the torrc file based on the desired role
case ${ROLE} in case ${ROLE} in
DA) DA)
@ -54,13 +36,11 @@ if [ ! -e /tor-config-done ]; then
echo -e "ExitPolicy accept *:*" >> /etc/tor/torrc echo -e "ExitPolicy accept *:*" >> /etc/tor/torrc
KEYPATH=${TOR_DIR}/${TOR_NICKNAME}/keys KEYPATH=${TOR_DIR}/${TOR_NICKNAME}/keys
mkdir -p ${KEYPATH} mkdir -p ${KEYPATH}
chown -Rv debian-tor:debian-tor ${TOR_DIR}
echo "password" | tor-gencert --create-identity-key -m 12 -a ${TOR_IP}:${TOR_DIRPORT} \ echo "password" | tor-gencert --create-identity-key -m 12 -a ${TOR_IP}:${TOR_DIRPORT} \
-i ${KEYPATH}/authority_identity_key \ -i ${KEYPATH}/authority_identity_key \
-s ${KEYPATH}/authority_signing_key \ -s ${KEYPATH}/authority_signing_key \
-c ${KEYPATH}/authority_certificate \ -c ${KEYPATH}/authority_certificate \
--passphrase-fd 0 --passphrase-fd 0
chown -Rv debian-tor:debian-tor ${TOR_DIR}
tor --list-fingerprint --orport 1 \ tor --list-fingerprint --orport 1 \
--dirserver "x 127.0.0.1:1 ffffffffffffffffffffffffffffffffffffffff" \ --dirserver "x 127.0.0.1:1 ffffffffffffffffffffffffffffffffffffffff" \
--datadirectory ${TOR_DIR}/${TOR_NICKNAME} --datadirectory ${TOR_DIR}/${TOR_NICKNAME}
@ -97,7 +77,6 @@ if [ ! -e /tor-config-done ]; then
sleep $FUDGE sleep $FUDGE
cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc
fi fi
echo -e "\n========================================================" echo -e "\n========================================================"