author | Julien Moutinho <julm+nixpkgs@sourcephile.fr> | 2020-09-11 07:46:59 +0200 |
---|---|---|
committer | Julien Moutinho <julm+nixpkgs@sourcephile.fr> | 2021-01-04 01:02:26 +0100 |
commit | 0ccdd6f2b043e5123ffd1f76cd2187c39ce19b94 (patch) | |
tree | 139e7cdab4edd8a3e849dcdb3c508439d1f7b545 /pkgs/tools/security/tor | |
parent | 6b342809b1b66dce758364f763b64c6a1a9e6211 (diff) |
nixos/tor: improve type-checking and hardening
Fixes #77395. Fixes #82790.
Diffstat (limited to 'pkgs/tools/security/tor')
-rw-r--r-- | pkgs/tools/security/tor/default.nix | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix
index 04bf598d132aa..e46fd4790a31f 100644
--- a/pkgs/tools/security/tor/default.nix
+++ b/pkgs/tools/security/tor/default.nix
@@ -1,5 +1,6 @@
 { stdenv, fetchurl, pkgconfig, libevent, openssl, zlib, torsocks
 , libseccomp, systemd, libcap, lzma, zstd, scrypt, nixosTests
+, writeShellScript
 
 # for update.nix
 , writeScript
@@ -12,7 +13,21 @@
 , gnused
 , nix
 }:
-
+let
+ tor-client-auth-gen = writeShellScript "tor-client-auth-gen" ''
+ PATH="${stdenv.lib.makeBinPath [coreutils gnugrep openssl]}"
+ pem="$(openssl genpkey -algorithm x25519)"
+
+ printf private_key=descriptor:x25519:
+ echo "$pem" | grep -v " PRIVATE KEY" |
+ base64 -d | tail --bytes=32 | base32 | tr -d =
+
+ printf public_key=descriptor:x25519:
+ echo "$pem" | openssl pkey -in /dev/stdin -pubout |
+ grep -v " PUBLIC KEY" |
+ base64 -d | tail --bytes=32 | base32 | tr -d =
+ '';
+in
 stdenv.mkDerivation rec {
 pname = "tor";
 version = "0.4.4.6";
@@ -52,6 +67,7 @@ stdenv.mkDerivation rec {
 mkdir -p $geoip/share/tor
 mv $out/share/tor/geoip{,6} $geoip/share/tor
 rm -rf $out/share/tor
+ ln -s ${tor-client-auth-gen} $out/bin/tor-client-auth-gen
 '';
 
 passthru = { |
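Review bot: The `tor-client-auth-gen` script added in the `let` block of the second hunk has no error handling, so a failing `openssl genpkey` or a failing pipeline stage still ends with exit status 0 and prints a `private_key=descriptor:x25519:` line with an empty or truncated value, which a caller could then store as a client authorization key. `writeShellScript` only supplies the shebang, so the script should start with `set -euo pipefail` directly after the `PATH=` line. The `tail --bytes=32` steps depend on the raw X25519 key being the last 32 bytes of the DER encoding; a comment such as `# raw key is the trailing 32 bytes of the PKCS#8 / SPKI DER` would make that assumption visible. Since the private key is written to stdout next to the public one, a header comment should also tell callers to redirect the output under a restrictive umask and keep it out of logs.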