jhawkwind · July 11, 2022 23:44
diff --git a/BuildAStaticTor-CentOS8.sh b/BuildAStaticTor-CentOS8.sh
 #!/bin/bash

 PREFIX="/opt"
 BUILD_DIR=~/build
 LLVM_VERSION="10.0.0"
 LLVM_FILE="llvmorg-${LLVM_VERSION}"
 LLVM_DIR="llvm-project-${LLVM_FILE}"
 OPENSSL_VERSION="1_1_1g"
 OPENSSL_FILE="OpenSSL_${OPENSSL_VERSION}"
 OPENSSL_DIR="openssl-OpenSSL_${OPENSSL_VERSION}"
 TOR_VERSION="0.4.3.5"
 TOR_DIR="tor-${TOR_VERSION}"
 TOR_USERGROUP="toranon"
 LIBEVENT_VERSION="2.1.11-stable"
 LIBEVENT_DIR="libevent-${LIBEVENT_VERSION}"
 ZLIB_VERSION="1.2.11"
 ZLIB_DIR="zlib-${ZLIB_VERSION}"

 cd ~
 mkdir ${BUILD_DIR}
 cd ${BUILD_DIR}

 umask 0022
 sudo yum -y install wget screen mlocate htop yum-utils epel-release
 sudo yum -y update
 sudo yum-config-manager --enable PowerTools
 sudo yum history > yum-history.before
 sudo yum -y install cmake libatomic gdb python36 python3-psutil libstdc++-static gcc gcc-c++ kernel-devel perl-Module-Load-Conditional perl-core perl-Test-Harness systemd-devel glibc rsync
 sudo yum history > yum-history.after
 diff yum-history.before yum-history.after | tail -n 1 | sed -n -E 's/^[^\|0-9]*([0-9]+).*/\1/p' > yum-history.id
 transaction_id="$(cat yum-history.id)";
 rollback_id="$(( transaction_id - 1 ))";

 sudo ln -s /usr/lib64/libstdc++.so.6 /usr/lib64/libstdc++.so

 # wget https://github.com/llvm/llvm-project/archive/llvmorg-10.0.0.tar.gz
 wget https://github.com/llvm/llvm-project/archive/${LLVM_FILE}.tar.gz
 tar xvzf ${LLVM_FILE}.tar.gz

 cd ${BUILD_DIR}/${LLVM_DIR}
 mkdir ${BUILD_DIR}/${LLVM_DIR}/build
 cd mkdir ${BUILD_DIR}/${LLVM_DIR}/build
 # cmake -G 'Unix Makefiles' -DLLVM_ENABLE_PROJECTS='clang;clang-tools-extra;libcxx;libcxxabi;lldb;compiler-rt;lld;debuginfo-tests' -DCMAKE_INSTALL_PREFIX='/usr/local' -DCMAKE_BUILD_TYPE=Release ../llvm
 cmake -G 'Unix Makefiles' -DLLVM_ENABLE_PROJECTS='clang;clang-tools-extra;libcxx;libcxxabi;lldb;compiler-rt;lld;debuginfo-tests' -DCMAKE_BUILD_TYPE=Release ../llvm
 make -j4
 make check-all -j4
 sudo make install

 export CC=clang
 export CXX=clang++

 cd ${BUILD_DIR}
 # wget https://www.zlib.net/zlib-1.2.11.tar.gz
 wget https://www.zlib.net/${ZLIB_DIR}.tar.gz
 tar xvzf ${ZLIB_DIR}.tar.gz

 # wget https://github.com/libevent/libevent/releases/download/release-2.1.11-stable/libevent-2.1.11-stable.tar.gz
 wget https://github.com/libevent/libevent/releases/download/release-2.1.11-stable/${LIBEVENT_DIR}.tar.gz
 tar xvzf ${LIBEVENT_DIR}.tar.gz

 # wget https://github.com/openssl/openssl/archive/OpenSSL_1_1_1f.tar.gz
 wget https://github.com/openssl/openssl/archive/${OPENSSL_FILE}.tar.gz
 tar xvzf ${OPENSSL_FILE}.tar.gz

 # wget https://dist.torproject.org/tor-0.4.3.5.tar.gz
 wget https://dist.torproject.org/${TOR_DIR}.tar.gz
 tar xvzf ${TOR_DIR}.tar.gz

 cd ${BUILD_DIR}/${ZLIB_DIR}
 # CFLAGS='-mstackrealign -fPIC' ./configure --static --prefix=/opt/zlib
 CFLAGS='-mstackrealign -fPIC' ./configure --static --prefix=${PREFIX}/${ZLIB_DIR}
 make
 make test

 sudo make install

 cd ${BUILD_DIR}/${LIBEVENT_DIR}
 # ./configure --disable-shared --enable-function-sections --enable-static --with-pic --prefix=/opt/libevent
 ./configure --disable-shared --enable-function-sections --enable-static --with-pic --prefix=${PREFIX}/${LIBEVENT_DIR}
 make
 make verify

 sudo make install

 cd ${BUILD_DIR}/${OPENSSL_DIR}
 # ./config zlib-dynamic --with-zlib-include=/opt/zlib/include --with-zlib-lib=/opt/zlib/lib --prefix=/opt/openssl --openssldir=/opt/openssl -fPIC enable-ec_nistp_64_gcc_128 enable-tls1_3
 ./config zlib-dynamic --with-zlib-include=${PREFIX}/${ZLIB_DIR}/include --with-zlib-lib=${PREFIX}/${ZLIB_DIR}/lib --prefix=${PREFIX}/${OPENSSL_DIR} --openssldir=${PREFIX}/${OPENSSL_DIR} -fPIC enable-ec_nistp_64_gcc_128 enable-tls1_3
 make
 make test

 sudo make install

 cd ${BUILD_DIR}/${TOR_DIR}

 sudo useradd --system -c "Tor anonymizing user" -d /var/lib/tor -M -U -s /sbin/nologin ${TOR_USERGROUP}

 ## ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/var/lib/tor --sysconfdir=/etc --localstatedir=/var/lib --enable-static-openssl --with-openssl-dir=/opt/openssl --enable-static-libevent --with-libevent-dir=/opt/libevent --enable-static-zlib --with-zlib-dir=/opt/zlib --enable-systemd --enable-coverage --enable-libfuzzer --enable-oss-fuzz --with-tor-user=toranon --with-tor-group=toranon
 ## WITH Fuzz testing
 ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/var/lib/tor --sysconfdir=/etc --localstatedir=/var/lib --enable-static-tor --enable-static-openssl --enable-static-libevent --enable-static-zlib --enable-systemd --enable-coverage --enable-libfuzzer --enable-oss-fuzz --with-libevent-dir=${PREFIX}/${LIBEVENT_DIR}  --with-zlib-dir=${PREFIX}/${ZLIB_DIR} --with-openssl-dir=${PREFIX}/${OPENSSL_DIR} --with-tor-user=${TOR_USERGROUP} --with-tor-group=${TOR_USERGROUP}

 ## WITHOUT Fuzz testing
 #./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/var/lib/tor --sysconfdir=/etc --localstatedir=/var/lib --enable-static-tor --enable-static-openssl --enable-static-libevent --enable-static-zlib --enable-systemd --enable-coverage --with-libevent-dir=${PREFIX}/${LIBEVENT_DIR}  --with-zlib-dir=${PREFIX}/${ZLIB_DIR} --with-openssl-dir=${PREFIX}/${OPENSSL_DIR} --with-tor-user=${TOR_USERGROUP} --with-tor-group=${TOR_USERGROUP}
 make
 make test

 sudo make install

 sudo mkdir /var/lib/tor
 sudo mkdir /var/log/tor
 sudo restorecon -v -R /var/lib/tor /var/log/tor
 chown -R ${TOR_USERGROUP}. /var/lib/tor
 chown -R ${TOR_USERGROUP}. /var/log/tor

 sudo rm -f /usr/lib/systemd/system/tor.service

 sudo tee -a /usr/lib/systemd/system/tor.service > /dev/null <<EOT
 [Unit]
 Description=Anonymizing overlay network for TCP
 After=syslog.target network.target nss-lookup.target
 [Service]
 Type=simple
 ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
 ExecStart=/usr/bin/tor -f /etc/tor/torrc
 ExecReload=/bin/kill -HUP ${MAINPID}
 KillSignal=SIGINT
 TimeoutSec=30
 Restart=on-failure
 RestartSec=1
 LimitNOFILE=32768
 # Hardening
 PrivateTmp=yes
 DeviceAllow=/dev/null rw
 DeviceAllow=/dev/urandom r
 InaccessibleDirectories=/home
 InaccessibleDirectories=/root
 InaccessibleDirectories=/run/user
 ReadOnlyDirectories=/boot
 ReadOnlyDirectories=/etc
 ReadOnlyDirectories=/usr
 ReadOnlyDirectories=/run
 ReadOnlyDirectories=/var
 ReadWriteDirectories=/run/tor
 ReadWriteDirectories=/var/lib/tor
 ReadWriteDirectories=/var/log/tor
 CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH
 PermissionsStartOnly=yes
 [Install]
 WantedBy = multi-user.target
 EOT

 echo "Installation script has completed. If you wish to remove the extra build tools committed at the beginning, press ENTER."
 echo "Otherwise, press CTRL+C to exit."
 read -p "Press enter to continue . . ."

 cd ${BUILD_DIR}/${OPENSSL_DIR}
 sudo make uninstall
 make clean
 sudo rm -Rf ${PREFIX}/${OPENSSL_DIR}

 cd ${BUILD_DIR}/${LIBEVENT_DIR}
 sudo make uninstall
 make clean
 sudo rm -Rf ${PREFIX}/${LIBEVENT_DIR}

 cd ${BUILD_DIR}/${ZLIB_DIR}
 sudo make uninstall
 make clean
 sudo rm -Rf ${PREFIX}/${ZLIB_DIR}

 if [[ "${rollback_id}" -gt 0 ]]; then
 	sudo yum -y history rollback ${rollback_id}
 fi
	#!/bin/bash

	PREFIX="/opt"
	BUILD_DIR=~/build
	LLVM_VERSION="10.0.0"
	LLVM_FILE="llvmorg-${LLVM_VERSION}"
	LLVM_DIR="llvm-project-${LLVM_FILE}"
	OPENSSL_VERSION="1_1_1g"
	OPENSSL_FILE="OpenSSL_${OPENSSL_VERSION}"
	OPENSSL_DIR="openssl-OpenSSL_${OPENSSL_VERSION}"
	TOR_VERSION="0.4.3.5"
	TOR_DIR="tor-${TOR_VERSION}"
	TOR_USERGROUP="toranon"
	LIBEVENT_VERSION="2.1.11-stable"
	LIBEVENT_DIR="libevent-${LIBEVENT_VERSION}"
	ZLIB_VERSION="1.2.11"
	ZLIB_DIR="zlib-${ZLIB_VERSION}"

	cd ~
	mkdir ${BUILD_DIR}
	cd ${BUILD_DIR}

	umask 0022
	sudo yum -y install wget screen mlocate htop yum-utils epel-release
	sudo yum -y update
	sudo yum-config-manager --enable PowerTools
	sudo yum history > yum-history.before
	sudo yum -y install cmake libatomic gdb python36 python3-psutil libstdc++-static gcc gcc-c++ kernel-devel perl-Module-Load-Conditional perl-core perl-Test-Harness systemd-devel glibc rsync
	sudo yum history > yum-history.after
	diff yum-history.before yum-history.after \| tail -n 1 \| sed -n -E 's/^[^\\|0-9]([0-9]+)./\1/p' > yum-history.id
	transaction_id="$(cat yum-history.id)";
	rollback_id="$(( transaction_id - 1 ))";

	sudo ln -s /usr/lib64/libstdc++.so.6 /usr/lib64/libstdc++.so

	# wget https://github.com/llvm/llvm-project/archive/llvmorg-10.0.0.tar.gz
	wget https://github.com/llvm/llvm-project/archive/${LLVM_FILE}.tar.gz
	tar xvzf ${LLVM_FILE}.tar.gz

	cd ${BUILD_DIR}/${LLVM_DIR}
	mkdir ${BUILD_DIR}/${LLVM_DIR}/build
	cd mkdir ${BUILD_DIR}/${LLVM_DIR}/build
	# cmake -G 'Unix Makefiles' -DLLVM_ENABLE_PROJECTS='clang;clang-tools-extra;libcxx;libcxxabi;lldb;compiler-rt;lld;debuginfo-tests' -DCMAKE_INSTALL_PREFIX='/usr/local' -DCMAKE_BUILD_TYPE=Release ../llvm
	cmake -G 'Unix Makefiles' -DLLVM_ENABLE_PROJECTS='clang;clang-tools-extra;libcxx;libcxxabi;lldb;compiler-rt;lld;debuginfo-tests' -DCMAKE_BUILD_TYPE=Release ../llvm
	make -j4
	make check-all -j4
	sudo make install

	export CC=clang
	export CXX=clang++

	cd ${BUILD_DIR}
	# wget https://www.zlib.net/zlib-1.2.11.tar.gz
	wget https://www.zlib.net/${ZLIB_DIR}.tar.gz
	tar xvzf ${ZLIB_DIR}.tar.gz

	# wget https://github.com/libevent/libevent/releases/download/release-2.1.11-stable/libevent-2.1.11-stable.tar.gz
	wget https://github.com/libevent/libevent/releases/download/release-2.1.11-stable/${LIBEVENT_DIR}.tar.gz
	tar xvzf ${LIBEVENT_DIR}.tar.gz

	# wget https://github.com/openssl/openssl/archive/OpenSSL_1_1_1f.tar.gz
	wget https://github.com/openssl/openssl/archive/${OPENSSL_FILE}.tar.gz
	tar xvzf ${OPENSSL_FILE}.tar.gz

	# wget https://dist.torproject.org/tor-0.4.3.5.tar.gz
	wget https://dist.torproject.org/${TOR_DIR}.tar.gz
	tar xvzf ${TOR_DIR}.tar.gz

	cd ${BUILD_DIR}/${ZLIB_DIR}
	# CFLAGS='-mstackrealign -fPIC' ./configure --static --prefix=/opt/zlib
	CFLAGS='-mstackrealign -fPIC' ./configure --static --prefix=${PREFIX}/${ZLIB_DIR}
	make
	make test

	sudo make install

	cd ${BUILD_DIR}/${LIBEVENT_DIR}
	# ./configure --disable-shared --enable-function-sections --enable-static --with-pic --prefix=/opt/libevent
	./configure --disable-shared --enable-function-sections --enable-static --with-pic --prefix=${PREFIX}/${LIBEVENT_DIR}
	make
	make verify

	sudo make install

	cd ${BUILD_DIR}/${OPENSSL_DIR}
	# ./config zlib-dynamic --with-zlib-include=/opt/zlib/include --with-zlib-lib=/opt/zlib/lib --prefix=/opt/openssl --openssldir=/opt/openssl -fPIC enable-ec_nistp_64_gcc_128 enable-tls1_3
	./config zlib-dynamic --with-zlib-include=${PREFIX}/${ZLIB_DIR}/include --with-zlib-lib=${PREFIX}/${ZLIB_DIR}/lib --prefix=${PREFIX}/${OPENSSL_DIR} --openssldir=${PREFIX}/${OPENSSL_DIR} -fPIC enable-ec_nistp_64_gcc_128 enable-tls1_3
	make
	make test

	sudo make install

	cd ${BUILD_DIR}/${TOR_DIR}

	sudo useradd --system -c "Tor anonymizing user" -d /var/lib/tor -M -U -s /sbin/nologin ${TOR_USERGROUP}

	## ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/var/lib/tor --sysconfdir=/etc --localstatedir=/var/lib --enable-static-openssl --with-openssl-dir=/opt/openssl --enable-static-libevent --with-libevent-dir=/opt/libevent --enable-static-zlib --with-zlib-dir=/opt/zlib --enable-systemd --enable-coverage --enable-libfuzzer --enable-oss-fuzz --with-tor-user=toranon --with-tor-group=toranon
	## WITH Fuzz testing
	./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/var/lib/tor --sysconfdir=/etc --localstatedir=/var/lib --enable-static-tor --enable-static-openssl --enable-static-libevent --enable-static-zlib --enable-systemd --enable-coverage --enable-libfuzzer --enable-oss-fuzz --with-libevent-dir=${PREFIX}/${LIBEVENT_DIR} --with-zlib-dir=${PREFIX}/${ZLIB_DIR} --with-openssl-dir=${PREFIX}/${OPENSSL_DIR} --with-tor-user=${TOR_USERGROUP} --with-tor-group=${TOR_USERGROUP}

	## WITHOUT Fuzz testing
	#./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/var/lib/tor --sysconfdir=/etc --localstatedir=/var/lib --enable-static-tor --enable-static-openssl --enable-static-libevent --enable-static-zlib --enable-systemd --enable-coverage --with-libevent-dir=${PREFIX}/${LIBEVENT_DIR} --with-zlib-dir=${PREFIX}/${ZLIB_DIR} --with-openssl-dir=${PREFIX}/${OPENSSL_DIR} --with-tor-user=${TOR_USERGROUP} --with-tor-group=${TOR_USERGROUP}
	make
	make test

	sudo make install

	sudo mkdir /var/lib/tor
	sudo mkdir /var/log/tor
	sudo restorecon -v -R /var/lib/tor /var/log/tor
	chown -R ${TOR_USERGROUP}. /var/lib/tor
	chown -R ${TOR_USERGROUP}. /var/log/tor

	sudo rm -f /usr/lib/systemd/system/tor.service

	sudo tee -a /usr/lib/systemd/system/tor.service > /dev/null <<EOT
	[Unit]
	Description=Anonymizing overlay network for TCP
	After=syslog.target network.target nss-lookup.target
	[Service]
	Type=simple
	ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
	ExecStart=/usr/bin/tor -f /etc/tor/torrc
	ExecReload=/bin/kill -HUP ${MAINPID}
	KillSignal=SIGINT
	TimeoutSec=30
	Restart=on-failure
	RestartSec=1
	LimitNOFILE=32768
	# Hardening
	PrivateTmp=yes
	DeviceAllow=/dev/null rw
	DeviceAllow=/dev/urandom r
	InaccessibleDirectories=/home
	InaccessibleDirectories=/root
	InaccessibleDirectories=/run/user
	ReadOnlyDirectories=/boot
	ReadOnlyDirectories=/etc
	ReadOnlyDirectories=/usr
	ReadOnlyDirectories=/run
	ReadOnlyDirectories=/var
	ReadWriteDirectories=/run/tor
	ReadWriteDirectories=/var/lib/tor
	ReadWriteDirectories=/var/log/tor
	CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH
	PermissionsStartOnly=yes
	[Install]
	WantedBy = multi-user.target
	EOT

	echo "Installation script has completed. If you wish to remove the extra build tools committed at the beginning, press ENTER."
	echo "Otherwise, press CTRL+C to exit."
	read -p "Press enter to continue . . ."

	cd ${BUILD_DIR}/${OPENSSL_DIR}
	sudo make uninstall
	make clean
	sudo rm -Rf ${PREFIX}/${OPENSSL_DIR}

	cd ${BUILD_DIR}/${LIBEVENT_DIR}
	sudo make uninstall
	make clean
	sudo rm -Rf ${PREFIX}/${LIBEVENT_DIR}

	cd ${BUILD_DIR}/${ZLIB_DIR}
	sudo make uninstall
	make clean
	sudo rm -Rf ${PREFIX}/${ZLIB_DIR}

	if [[ "${rollback_id}" -gt 0 ]]; then
	sudo yum -y history rollback ${rollback_id}
	fi
No results found