Initial commit

README.md

@@ -0,0 +1,36 @@
+# OpenBSD Ports
+Modified OpenBSD 7.2 ports. Everything here works with OpenBSD 7.2.
+
+## How to install
+First if you haven't done so, download and unpack the ports tree for your current OpenBSD version.
+
+These instructions are taken from https://www.openbsd.org/faq/ports/ports.html#PortsFetch
+
+```
+cd /tmp
+ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig}
+signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig ports.tar.gz
+cd /usr
+tar xzf /tmp/ports.tar.gz
+```
+
+Then remove some ports and unpack this git repo on top of the ports tree with the instructions below:
+
+```
+rm -rf /usr/ports/net/{i2pd,tor}
+cd /tmp
+ftp https://gitler.moe/koishi/openbsd-ports/archive/master.tar.gz
+tar xzvf /tmp/master.tar.gz
+mv /tmp/openbsd-ports/net/* /usr/ports/net/
+```
+
+## Installing dependencies
+
+```
+# i2pd dependencies
+pkg_add cmake ninja gmake boost 
+
+# tor dependencies
+pkg_add autoconf (select autoconf-2.69 with any patch version)
+pkg_add metaauto libevent
+```

net/i2pd/CVS/Entries

@@ -0,0 +1,4 @@
+/Makefile/1.10/Fri Mar 11 19:46:04 2022//
+/distinfo/1.7/Mon Feb 28 10:49:54 2022//
+D/patches////
+D/pkg////

net/i2pd/CVS/Repository

@@ -0,0 +1 @@
+ports/net/i2pd

net/i2pd/CVS/Root

@@ -0,0 +1 @@
+/cvs

net/i2pd/Makefile

@@ -0,0 +1,46 @@
+COMMENT =	client for the I2P anonymous network
+
+GH_ACCOUNT =	PurpleI2P
+GH_PROJECT =	i2pd
+GH_TAGNAME =	2.45.0
+
+CATEGORIES =	net
+HOMEPAGE =	https://i2pd.website
+
+MAINTAINER =	Koishi Komeiji <koishi@fedora.email>
+
+# BSD
+PERMIT_PACKAGE = Yes
+
+WANTLIB += ${COMPILER_LIBCXX} boost_date_time-mt boost_filesystem-mt
+WANTLIB += boost_program_options-mt boost_system-mt c crypto m
+WANTLIB += ssl z
+
+COMPILER =	base-clang ports-gcc
+MODULES =	devel/cmake
+LIB_DEPENDS =	devel/boost
+
+# for tests
+USE_GMAKE =	Yes
+
+WRKSRC =	${WRKDIST}/build
+
+post-install:
+	${INSTALL_DATA_DIR} ${PREFIX}/include/i2pd
+	${INSTALL_DATA} ${WRKDIST}/libi2pd{,_client}/*.h \
+		 ${PREFIX}/include/i2pd
+.for dir in family reseed
+	${INSTALL_DATA_DIR} ${PREFIX}/share/examples/i2pd/certificates/${dir}
+	${INSTALL_DATA} ${WRKDIST}/contrib/certificates/${dir}/* \
+		${PREFIX}/share/examples/i2pd/certificates/${dir}
+.endfor
+	${INSTALL_DATA} ${WRKDIST}/contrib/i2pd.conf \
+		${PREFIX}/share/examples/i2pd/i2pd.conf
+	${INSTALL_DATA} ${WRKDIST}/contrib/tunnels.conf \
+		${PREFIX}/share/examples/i2pd/tunnels.conf
+
+do-test:
+	cd ${WRKDIST}/tests && ${MAKE_PROGRAM} CXX="${CXX}" \
+		INCFLAGS="-L${LOCALBASE}/lib -I${LOCALBASE}/include ${CFLAGS}"
+
+.include <bsd.port.mk>

net/i2pd/distinfo

@@ -0,0 +1,2 @@
+SHA256 (i2pd-2.45.0.tar.gz) = QFDAo4/aBqdt770nIfRo9bCYie17a1p+IH5GWdMAc48=
+SIZE (i2pd-2.45.0.tar.gz) = 630600

net/i2pd/patches/CVS/Entries

@@ -0,0 +1,3 @@
+/patch-libi2pd_Crypto_h/1.2/Fri Mar 11 19:46:04 2022//
+/patch-tests_Makefile/1.6/Fri Mar 11 19:46:04 2022//
+D

net/i2pd/patches/CVS/Repository

@@ -0,0 +1 @@
+ports/net/i2pd/patches

net/i2pd/patches/CVS/Root

@@ -0,0 +1 @@
+/cvs

net/i2pd/patches/patch-tests_Makefile

@@ -0,0 +1,39 @@
+Index: tests/Makefile
+--- tests/Makefile.orig
++++ tests/Makefile
+@@ -1,5 +1,5 @@
+ CXXFLAGS += -Wall -Wno-unused-parameter -Wextra -pedantic -O0 -g -std=c++11 -D_GLIBCXX_USE_NANOSLEEP=1 -pthread -Wl,--unresolved-symbols=ignore-in-object-files
+-INCFLAGS += -I../libi2pd
++CXXFLAGS += -Wall -Wextra -pedantic -g -std=c++11 -D_GLIBCXX_USE_NANOSLEEP=1 -I../libi2pd/ -pthread -Wl,--unresolved-symbols=ignore-in-object-files
+ 
+ TESTS = test-gost test-gost-sig test-base-64 test-x25519 test-aeadchacha20poly1305 test-blinding test-elligator
+ 
+@@ -14,8 +14,8 @@ test-base-%: ../libi2pd/Base.cpp test-base-%.cpp
+ test-gost: ../libi2pd/Gost.cpp ../libi2pd/I2PEndian.cpp test-gost.cpp
+ 	$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto
+ 
+-test-gost-sig: ../libi2pd/Gost.cpp ../libi2pd/I2PEndian.cpp ../libi2pd/Crypto.cpp ../libi2pd/Log.cpp test-gost-sig.cpp
+-	$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system
++test-gost-sig: ../libi2pd/Gost.cpp ../libi2pd/Config.cpp ../libi2pd/I2PEndian.cpp ../libi2pd/Crypto.cpp ../libi2pd/Log.cpp test-gost-sig.cpp
++	$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system -lboost_program_options-mt
+ 
+ test-x25519: ../libi2pd/Ed25519.cpp ../libi2pd/I2PEndian.cpp ../libi2pd/Log.cpp ../libi2pd/Crypto.cpp  test-x25519.cpp
+ 	$(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system
+@@ -23,14 +23,14 @@ test-x25519: ../libi2pd/Ed25519.cpp ../libi2pd/I2PEndi
+ test-aeadchacha20poly1305: ../libi2pd/Crypto.cpp ../libi2pd/ChaCha20.cpp ../libi2pd/Poly1305.cpp test-aeadchacha20poly1305.cpp
+ 	 $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system
+ 
+-test-blinding: ../libi2pd/Crypto.cpp ../libi2pd/Blinding.cpp ../libi2pd/Ed25519.cpp ../libi2pd/I2PEndian.cpp ../libi2pd/Log.cpp ../libi2pd/util.cpp ../libi2pd/Identity.cpp ../libi2pd/Signature.cpp ../libi2pd/Timestamp.cpp test-blinding.cpp
+-	 $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system
++test-blinding: ../libi2pd/Crypto.cpp ../libi2pd/Config.cpp ../libi2pd/Blinding.cpp ../libi2pd/Ed25519.cpp ../libi2pd/I2PEndian.cpp ../libi2pd/Log.cpp ../libi2pd/util.cpp ../libi2pd/Identity.cpp ../libi2pd/Signature.cpp ../libi2pd/Timestamp.cpp test-blinding.cpp
++	 $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system -lboost_program_options-mt
+ 
+ test-elligator: ../libi2pd/Elligator.cpp ../libi2pd/Crypto.cpp test-elligator.cpp
+ 	 $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(INCFLAGS) -o $@ $^ -lcrypto -lssl -lboost_system
+ 
+ run: $(TESTS)
+-	@for TEST in $(TESTS); do ./$$TEST ; done
++	@for TEST in $(TESTS); do echo -n "$$TEST: "; ./$$TEST && echo OK; done
+ 
+ clean:
+ 	rm -f $(TESTS)

net/i2pd/pkg/CVS/Entries

@@ -0,0 +1,5 @@
+/DESCR/1.1.1.1/Sun Jun 16 22:13:55 2019//
+/PLIST/1.6/Fri Mar 11 19:46:04 2022//
+/README/1.2/Fri Mar 11 19:46:04 2022//
+/i2pd.rc/1.4/Fri Mar 11 19:46:04 2022//
+D

net/i2pd/pkg/CVS/Repository

@@ -0,0 +1 @@
+ports/net/i2pd/pkg

net/i2pd/pkg/CVS/Root

@@ -0,0 +1 @@
+/cvs

net/i2pd/pkg/DESCR

@@ -0,0 +1,7 @@
+i2pd is a full featured client for the I2P network written in C++.
+
+I2P (Invisible Internet Project) is a universal anonymous network layer.
+All communications over I2P are anonymous and end-to-end encrypted.
+Participants don't reveal their real IP address to each other. Peer to
+peer (cryptocorruencies, file sharing) and client-to-server applications
+(websites, instant messengers, chat servers) are supported.

net/i2pd/pkg/PLIST

@@ -0,0 +1,200 @@
+@newgroup _i2pd:838
+@newuser _i2pd:838:838:daemon:i2pd account:${LOCALSTATEDIR}/lib/i2pd:/sbin/nologin
+@rcscript ${RCDIR}/i2pd
+@bin bin/i2pd
+include/i2pd/
+include/i2pd/AddressBook.h
+include/i2pd/BOB.h
+include/i2pd/Base.h
+include/i2pd/Blinding.h
+include/i2pd/CPU.h
+include/i2pd/ChaCha20.h
+include/i2pd/ClientContext.h
+include/i2pd/Config.h
+include/i2pd/Crypto.h
+include/i2pd/CryptoKey.h
+include/i2pd/Datagram.h
+include/i2pd/Destination.h
+include/i2pd/ECIESX25519AEADRatchetSession.h
+include/i2pd/Ed25519.h
+include/i2pd/Elligator.h
+include/i2pd/FS.h
+include/i2pd/Family.h
+include/i2pd/Garlic.h
+include/i2pd/Gost.h
+include/i2pd/Gzip.h
+include/i2pd/HTTP.h
+include/i2pd/HTTPProxy.h
+include/i2pd/I2CP.h
+include/i2pd/I2NPProtocol.h
+include/i2pd/I2PEndian.h
+include/i2pd/I2PService.h
+include/i2pd/I2PTunnel.h
+include/i2pd/Identity.h
+include/i2pd/LeaseSet.h
+include/i2pd/LittleBigEndian.h
+include/i2pd/Log.h
+include/i2pd/MatchedDestination.h
+include/i2pd/NTCP2.h
+include/i2pd/NetDbRequests.h
+include/i2pd/Poly1305.h
+include/i2pd/Profiling.h
+include/i2pd/Queue.h
+include/i2pd/Reseed.h
+include/i2pd/RouterContext.h
+include/i2pd/RouterInfo.h
+include/i2pd/SAM.h
+include/i2pd/SOCKS.h
+include/i2pd/SSU2.h
+include/i2pd/Signature.h
+include/i2pd/Siphash.h
+include/i2pd/Streaming.h
+include/i2pd/Tag.h
+include/i2pd/Timestamp.h
+include/i2pd/TransitTunnel.h
+include/i2pd/TransportSession.h
+include/i2pd/Transports.h
+include/i2pd/Tunnel.h
+include/i2pd/TunnelBase.h
+include/i2pd/TunnelConfig.h
+include/i2pd/TunnelEndpoint.h
+include/i2pd/TunnelGateway.h
+include/i2pd/TunnelPool.h
+include/i2pd/api.h
+include/i2pd/util.h
+include/i2pd/version.h
+@static-lib lib/libi2pd.a
+@static-lib lib/libi2pdclient.a
+@owner _i2pd
+@group _i2pd
+@sample ${SYSCONFDIR}/i2pd/
+@sample ${LOCALSTATEDIR}/lib/i2pd/
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/router/
+@owner
+@group
+@static-lib lib/libi2pdlang.a
+share/doc/pkg-readmes/${PKGSTEM}
+share/examples/i2pd/
+share/examples/i2pd/certificates/
+share/examples/i2pd/certificates/family/
+share/examples/i2pd/certificates/family/gostcoin.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/gostcoin.crt
+@owner
+@group
+share/examples/i2pd/certificates/family/i2p-dev.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/i2p-dev.crt
+@owner
+@group
+share/examples/i2pd/certificates/family/i2pd-dev.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/i2pd-dev.crt
+@owner
+@group
+share/examples/i2pd/certificates/family/mca2-i2p.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/mca2-i2p.crt
+@owner
+@group
+share/examples/i2pd/certificates/family/volatile.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/family/volatile.crt
+@owner
+@group
+share/examples/i2pd/certificates/reseed/
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/
+@owner
+@group
+share/examples/i2pd/certificates/reseed/acetone_at_mail.i2p.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/acetone_at_mail.i2p.crt 
+@owner
+@group
+share/examples/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/creativecowpat_at_mail.i2p.crt
+@owner
+@group
+share/examples/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/echelon3_at_mail.i2p.crt
+@owner
+@group
+share/examples/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/hankhill19580_at_gmail.com.crt 
+@owner
+@group
+share/examples/i2pd/certificates/reseed/hiduser0_at_mail.i2p.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/hiduser0_at_mail.i2p.crt
+@owner
+@group
+share/examples/i2pd/certificates/reseed/hottuna_at_mail.i2p.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/hottuna_at_mail.i2p.crt
+@owner
+@group
+share/examples/i2pd/certificates/reseed/igor_at_novg.net.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/igor_at_novg.net.crt
+@owner
+@group
+share/examples/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/lazygravy_at_mail.i2p.crt
+@owner
+@group
+share/examples/i2pd/certificates/reseed/orignal_at_mail.i2p.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/orignal_at_mail.i2p.crt
+@owner
+@group
+share/examples/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/r4sas-reseed_at_mail.i2p.crt
+@owner
+@group
+share/examples/i2pd/certificates/reseed/rambler_at_mail.i2p.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/rambler_at_mail.i2p.crt
+@owner
+@group
+share/examples/i2pd/certificates/reseed/reseed_at_diva.exchange.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/reseed_at_diva.exchange.crt 
+@owner
+@group
+share/examples/i2pd/i2pd.conf
+@owner _i2pd
+@group _i2pd
+@sample ${SYSCONFDIR}/i2pd/i2pd.conf
+@owner
+@group
+share/examples/i2pd/tunnels.conf
+@owner _i2pd
+@group _i2pd
+@sample ${SYSCONFDIR}/i2pd/tunnels.conf

net/i2pd/pkg/README

@@ -0,0 +1,24 @@
++-----------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
++-----------------------------------------------------------------------
+
+Resource Limits: File Descriptors
+=================================
+
+By default, the _i2pd user, and so the i2pd process runs in the login(1)
+class of "daemon". The default limits on file descriptors are
+insufficient to run i2pd; instead you should put the _i2pd user and
+process in their own login(1) class with tuned resources. You should
+also raise the system-wide maxfiles limit.
+
+1. Configure i2pd login class in the login.conf(5) file:
+
+        i2pd:\
+                :openfiles-cur=8192:\
+                :openfiles-max=8192:\
+                :tc=daemon:
+
+2. Adjust kern.maxfiles, if needed:
+
+	# sysctl kern.maxfiles=16000
+	# echo "kern.maxfiles=16000" >> /etc/sysctl.conf

net/i2pd/pkg/i2pd.rc

@@ -0,0 +1,9 @@
+#!/bin/ksh
+
+daemon="${TRUEPREFIX}/bin/i2pd --daemon"
+daemon_user="_i2pd"
+daemon_flags="--service --datadir=${LOCALSTATEDIR}/lib/i2pd --conf=${SYSCONFDIR}/i2pd/i2pd.conf --tunconf=${SYSCONFDIR}/i2pd/tunnels.conf --tunnelsdir=${SYSCONFDIR}/i2pd/tunnels.d"
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1

net/tor/CVS/Entries

@@ -0,0 +1,4 @@
+/Makefile/1.146/Sun Aug 14 16:52:23 2022//
+/distinfo/1.119/Sun Aug 14 16:52:23 2022//
+D/patches////
+D/pkg////

net/tor/CVS/Repository

@@ -0,0 +1 @@
+ports/net/tor

net/tor/CVS/Root

@@ -0,0 +1 @@
+/cvs

net/tor/Makefile

@@ -0,0 +1,37 @@
+COMMENT=	anonymity service using onion routing
+
+DISTNAME=	tor-0.4.7.12
+CATEGORIES=	net
+HOMEPAGE=	https://www.torproject.org/
+
+MAINTAINER=	Pascal Stumpf <pascal@stumpf.co>
+
+# BSD
+PERMIT_PACKAGE=	Yes
+
+WANTLIB += c crypto event_core event_extra execinfo m pthread ssl z
+
+MASTER_SITES=	https://www.torproject.org/dist/
+
+AUTOCONF_VERSION=2.69
+CONFIGURE_STYLE=autoconf
+# PIE is already taken care of on a per-arch basis, and we have stack protection
+# anyway on FRAME_GROWS_DOWN archs.
+CONFIGURE_ARGS=	--with-ssl-dir=/usr \
+		--with-libevent-dir="${LOCALBASE}" \
+		--disable-gcc-hardening \
+		--disable-lzma \
+		--disable-zstd
+CONFIGURE_ENV+=ac_cv_member_struct_ssl_method_st_get_cipher_by_char=no
+
+LIB_DEPENDS=	devel/libevent2
+
+DB_DIR=		/var/tor
+SUBST_VARS+=	DB_DIR
+
+FAKE_FLAGS=	sysconfdir=${PREFIX}/share/examples
+
+post-install:
+	${INSTALL_DATA} ${WRKSRC}/doc/TUNING ${PREFIX}/share/doc/tor/
+
+.include <bsd.port.mk>

net/tor/distinfo

@@ -0,0 +1,2 @@
+SHA256 (tor-0.4.7.12.tar.gz) = O12WlxLEZ4Ub0CjzFDQ+8VqX6kVxkek/+pcxCwW545U=
+SIZE (tor-0.4.7.12.tar.gz) = 8009573

net/tor/patches/CVS/Entries

@@ -0,0 +1,9 @@
+/patch-configure_ac/1.19/Wed Apr 27 18:29:44 2022//
+/patch-src_config_torrc_sample_in/1.25/Fri Mar 11 19:47:53 2022//
+/patch-src_ext_ed25519_donna_ed25519-donna-portable_h/1.2/Fri Mar 11 19:47:53 2022//
+/patch-src_lib_crypt_ops_crypto_dh_openssl_c/1.2/Fri Mar 11 19:47:53 2022//
+/patch-src_lib_crypt_ops_crypto_rsa_openssl_c/1.2/Fri Mar 11 19:47:53 2022//
+/patch-src_lib_tls_x509_openssl_c/1.2/Fri Mar 11 19:47:53 2022//
+/patch-src_test_test_crypto_c/1.2/Fri Mar 11 19:47:53 2022//
+/patch-src_test_test_crypto_openssl_c/1.2/Fri Mar 11 19:47:53 2022//
+D

net/tor/patches/CVS/Repository

@@ -0,0 +1 @@
+ports/net/tor/patches

net/tor/patches/CVS/Root

@@ -0,0 +1 @@
+/cvs

net/tor/patches/patch-configure_ac

@@ -0,0 +1,18 @@
+disable -fasynchronous-unwind-tables as it breaks build on armv7
+Index: configure.ac
+--- configure.ac.orig
++++ configure.ac
+@@ -1435,13 +1435,6 @@ fi
+ CFLAGS="$saved_CFLAGS"
+ AC_SUBST(F_OMIT_FRAME_POINTER)
+ 
+-dnl ------------------------------------------------------
+-dnl If we are adding -fomit-frame-pointer (or if the compiler's doing it
+-dnl for us, as GCC 4.6 and later do at many optimization levels), then
+-dnl we should try to add -fasynchronous-unwind-tables so that our backtrace
+-dnl code will work.
+-TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables)
+-
+ dnl ============================================================
+ dnl Check for libseccomp
+ 

net/tor/patches/patch-src_config_torrc_sample_in

@@ -0,0 +1,47 @@
+Index: src/config/torrc.sample.in
+--- src/config/torrc.sample.in.orig
++++ src/config/torrc.sample.in
+@@ -39,18 +39,18 @@
+ ## Send every possible message to @LOCALSTATEDIR@/log/tor/debug.log
+ #Log debug file @LOCALSTATEDIR@/log/tor/debug.log
+ ## Use the system log instead of Tor's logfiles
+-#Log notice syslog
++Log notice syslog
+ ## To send all messages to stderr:
+ #Log debug stderr
+ 
+ ## Uncomment this to start the process in the background... or use
+ ## --runasdaemon 1 on the command line. This is ignored on Windows;
+ ## see the FAQ entry if you want Tor to run as an NT service.
+-#RunAsDaemon 1
++RunAsDaemon 1
+ 
+ ## The directory for keeping all the keys/etc. By default, we store
+ ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+-#DataDirectory @LOCALSTATEDIR@/lib/tor
++DataDirectory /var/tor
+ 
+ ## The port on which Tor will listen for local connections from Tor
+ ## controller applications, as documented in control-spec.txt.
+@@ -69,10 +69,10 @@
+ ## HiddenServicePort x y:z says to redirect requests on port x to the
+ ## address y:z.
+ 
+-#HiddenServiceDir @LOCALSTATEDIR@/lib/tor/hidden_service/
++#HiddenServiceDir @LOCALSTATEDIR@/tor/hidden_service/
+ #HiddenServicePort 80 127.0.0.1:80
+ 
+-#HiddenServiceDir @LOCALSTATEDIR@/lib/tor/other_hidden_service/
++#HiddenServiceDir @LOCALSTATEDIR@/tor/other_hidden_service/
+ #HiddenServicePort 80 127.0.0.1:80
+ #HiddenServicePort 22 127.0.0.1:22
+ 
+@@ -218,6 +218,8 @@
+ ## and any public IPv4 and IPv6 addresses on any interface on the relay.
+ ## See the man page entry for ExitPolicyRejectPrivate if you want to allow
+ ## "exit enclaving".
++## Revoke privileges
++User _tor
+ ##
+ #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports on IPv4 and IPv6 but no more
+ #ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well as default exit policy

net/tor/patches/patch-src_ext_ed25519_donna_ed25519-donna-portable_h

@@ -0,0 +1,11 @@
+--- src/ext/ed25519/donna/ed25519-donna-portable.h.orig	Fri Dec 11 14:53:44 2015
++++ src/ext/ed25519/donna/ed25519-donna-portable.h	Fri Dec 11 14:53:57 2015
+@@ -50,7 +50,7 @@
+ 		#if defined(__SIZEOF_INT128__)
+ 			#define HAVE_NATIVE_UINT128
+ 			typedef unsigned __int128 uint128_t;
+-		#elif (COMPILER_GCC >= 40400)
++		#elif (COMPILER_GCC >= 40200)
+ 			#define HAVE_NATIVE_UINT128
+ 			typedef unsigned uint128_t __attribute__((mode(TI)));
+ 		#elif defined(CPU_X86_64)

net/tor/patches/patch-src_lib_crypt_ops_crypto_dh_openssl_c

@@ -0,0 +1,59 @@
+Fix build with opaque structs in LibreSSL 3.5
+
+Index: src/lib/crypt_ops/crypto_dh_openssl.c
+--- src/lib/crypt_ops/crypto_dh_openssl.c.orig
++++ src/lib/crypt_ops/crypto_dh_openssl.c
+@@ -60,7 +60,7 @@ crypto_validate_dh_params(const BIGNUM *p, const BIGNU
+   /* Copy into a temporary DH object, just so that DH_check() can be called. */
+   if (!(dh = DH_new()))
+       goto out;
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+   BIGNUM *dh_p, *dh_g;
+   if (!(dh_p = BN_dup(p)))
+     goto out;
+@@ -223,7 +223,7 @@ new_openssl_dh_from_params(BIGNUM *p, BIGNUM *g)
+     goto err;
+   }
+ 
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ 
+   if (!DH_set0_pqg(res_dh, dh_p, NULL, dh_g)) {
+     goto err;
+@@ -276,7 +276,7 @@ crypto_dh_get_bytes(crypto_dh_t *dh)
+ int
+ crypto_dh_generate_public(crypto_dh_t *dh)
+ {
+-#ifndef OPENSSL_1_1_API
++#if !defined(OPENSSL_1_1_API) && !defined(LIBRESSL_VERSION_NUMBER)
+  again:
+ #endif
+   if (!DH_generate_key(dh->dh)) {
+@@ -286,7 +286,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
+     return -1;
+     /* LCOV_EXCL_STOP */
+   }
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+   /* OpenSSL 1.1.x doesn't appear to let you regenerate a DH key, without
+    * recreating the DH object.  I have no idea what sort of aliasing madness
+    * can occur here, so do the check, and just bail on failure.
+@@ -327,7 +327,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, si
+ 
+   const BIGNUM *dh_pub;
+ 
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+   const BIGNUM *dh_priv;
+   DH_get0_key(dh->dh, &dh_pub, &dh_priv);
+ #else
+@@ -338,7 +338,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, si
+     if (crypto_dh_generate_public(dh)<0)
+       return -1;
+     else {
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+       DH_get0_key(dh->dh, &dh_pub, &dh_priv);
+ #else
+       dh_pub = dh->dh->pub_key;

net/tor/patches/patch-src_lib_crypt_ops_crypto_rsa_openssl_c

@@ -0,0 +1,50 @@
+Fix build with opaque structs in LibreSSL 3.5
+
+Index: src/lib/crypt_ops/crypto_rsa_openssl.c
+--- src/lib/crypt_ops/crypto_rsa_openssl.c.orig
++++ src/lib/crypt_ops/crypto_rsa_openssl.c
+@@ -47,7 +47,7 @@ struct crypto_pk_t
+ int
+ crypto_pk_key_is_private(const crypto_pk_t *k)
+ {
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+   if (!k || !k->key)
+     return 0;
+ 
+@@ -212,7 +212,7 @@ crypto_pk_public_exponent_ok(const crypto_pk_t *env)
+ 
+   const BIGNUM *e;
+ 
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+   const BIGNUM *n, *d;
+   RSA_get0_key(env->key, &n, &e, &d);
+ #else
+@@ -242,7 +242,7 @@ crypto_pk_cmp_keys(const crypto_pk_t *a, const crypto_
+   const BIGNUM *a_n, *a_e;
+   const BIGNUM *b_n, *b_e;
+ 
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+   const BIGNUM *a_d, *b_d;
+   RSA_get0_key(a->key, &a_n, &a_e, &a_d);
+   RSA_get0_key(b->key, &b_n, &b_e, &b_d);
+@@ -279,7 +279,7 @@ crypto_pk_num_bits(crypto_pk_t *env)
+   tor_assert(env);
+   tor_assert(env->key);
+ 
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+   /* It's so stupid that there's no other way to check that n is valid
+    * before calling RSA_bits().
+    */
+@@ -572,7 +572,7 @@ static bool
+ rsa_private_key_too_long(RSA *rsa, int max_bits)
+ {
+   const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp;
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1)
+   n = RSA_get0_n(rsa);

net/tor/patches/patch-src_lib_tls_x509_openssl_c

@@ -0,0 +1,14 @@
+Fix build with opaque structs in LibreSSL 3.5
+
+Index: src/lib/tls/x509_openssl.c
+--- src/lib/tls/x509_openssl.c.orig
++++ src/lib/tls/x509_openssl.c
+@@ -329,7 +329,7 @@ tor_tls_cert_is_valid(int severity,
+   cert_key = X509_get_pubkey(cert->cert);
+   if (check_rsa_1024 && cert_key) {
+     RSA *rsa = EVP_PKEY_get1_RSA(cert_key);
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+     if (rsa && RSA_bits(rsa) == 1024) {
+ #else
+     if (rsa && BN_num_bits(rsa->n) == 1024) {

net/tor/patches/patch-src_test_test_crypto_c

@@ -0,0 +1,14 @@
+Fix build with opaque structs in LibreSSL 3.5
+
+Index: src/test/test_crypto.c
+--- src/test/test_crypto.c.orig
++++ src/test/test_crypto.c
+@@ -185,7 +185,7 @@ test_crypto_dh(void *arg)
+     dh4 = crypto_dh_new_openssl_tls();
+     tt_assert(DH_generate_key(dh4));
+     const BIGNUM *pk=NULL;
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+     const BIGNUM *sk=NULL;
+     DH_get0_key(dh4, &pk, &sk);
+ #else

net/tor/patches/patch-src_test_test_crypto_openssl_c

@@ -0,0 +1,14 @@
+Fix build with opaque structs in LibreSSL 3.5
+
+Index: src/test/test_crypto_openssl.c
+--- src/test/test_crypto_openssl.c.orig
++++ src/test/test_crypto_openssl.c
+@@ -49,7 +49,7 @@ test_crypto_rng_engine(void *arg)
+   ;
+ }
+ 
+-#ifndef OPENSSL_1_1_API
++#if !defined(OPENSSL_1_1_API) && !defined(LIBRESSL_VERSION_NUMBER)
+ #define EVP_ENCODE_CTX_new() tor_malloc_zero(sizeof(EVP_ENCODE_CTX))
+ #define EVP_ENCODE_CTX_free(ctx) tor_free(ctx)
+ #endif

net/tor/pkg/CVS/Entries

@@ -0,0 +1,4 @@
+/DESCR/1.1.1.1/Sun Sep 26 10:06:29 2004//
+/PLIST/1.13/Fri Mar 11 19:47:53 2022//
+/tor.rc/1.8/Fri Mar 11 19:47:53 2022//
+D

net/tor/pkg/CVS/Repository

@@ -0,0 +1 @@
+ports/net/tor/pkg

net/tor/pkg/CVS/Root

@@ -0,0 +1 @@
+/cvs

net/tor/pkg/DESCR

@@ -0,0 +1,2 @@
+Tor is a connection-based low-latency anonymous communication system that
+protects TCP streams: web browsing, instant messaging, irc, ssh, etc.

net/tor/pkg/PLIST

@@ -0,0 +1,34 @@
+@newgroup _tor:566
+@newuser _tor:566:566::tor:/nonexistent:/sbin/nologin
+@rcscript ${RCDIR}/tor
+@bin bin/tor
+@bin bin/tor-gencert
+@bin bin/tor-print-ed-signing-cert
+@bin bin/tor-resolve
+@comment bin/torify
+@man man/man1/tor-gencert.1
+@man man/man1/tor-print-ed-signing-cert.1
+@man man/man1/tor-resolve.1
+@man man/man1/tor.1
+@comment @man man/man1/torify.1
+share/doc/tor/
+share/doc/tor/TUNING
+share/doc/tor/tor-gencert.html
+share/doc/tor/tor-print-ed-signing-cert.html
+share/doc/tor/tor-resolve.html
+share/doc/tor/tor.html
+@comment share/doc/tor/torify.html
+share/examples/tor/
+@sample ${SYSCONFDIR}/tor/
+share/examples/tor/torrc.sample
+@sample ${SYSCONFDIR}/tor/torrc
+@mode 0700
+@owner _tor
+@group _tor
+@sample ${DB_DIR}/
+@mode
+@owner
+@group
+share/tor/
+share/tor/geoip
+share/tor/geoip6

net/tor/pkg/tor.rc

@@ -0,0 +1,10 @@
+#!/bin/ksh
+
+daemon="${TRUEPREFIX}/bin/tor"
+daemon_timeout=60
+
+. /etc/rc.d/rc.subr
+
+rc_stop_signal=INT
+
+rc_cmd $1