authormh <mh@scrit.ch>2017-01-20 13:14:17 +0100
committermh <mh@scrit.ch>2017-01-20 13:14:17 +0100
commit7db64192110c0ec6f4d99e619c69819ce33502c4 (patch)
treee9a57827a6191c5c9761265d2147a7ca14cf9867
initial release of SPEC
-rw-r--r--SOURCES/README.fedora43
-rw-r--r--SOURCES/docs-conf.py199
-rw-r--r--SOURCES/onionbalance.logrotate10
-rw-r--r--SOURCES/onionbalance.service40
-rw-r--r--SOURCES/onionbalance.tmpfiles1
-rw-r--r--SOURCES/onionbalance.torrc.example15
-rw-r--r--SPECS/python-onionbalance.spec256
7 files changed, 564 insertions, 0 deletions
diff --git a/SOURCES/README.fedora b/SOURCES/README.fedora
new file mode 100644
index 0000000..e436af0
--- /dev/null
+++ b/SOURCES/README.fedora
@@ -0,0 +1,43 @@
+Notices for Fedora / RedHat / CentOS Users
+==========================================
+
+onionbalance ships with some Debian'isms, especially when it
+comes to the created example torrc for the onionbalance management
+tor daemon.
+
+For this reasons this folder contains a sample onionbalance.torrc file
+which can be used to run a dedicated tor process that onionbalance
+will use.
+
+Setting up onionbalance
+-----------------------
+
+1. create a sample configuration
+
+ $ onionbalance-config
+
+ # step through the wizard
+
+2. Get your onionservices up & running with the generated configuration in config/
+
+3. copy the master config and key to onionbalance's config directory and protect key and config:
+
+ $ cp config/master/config.yaml config/master/*.key /etc/onionbalance/
+ $ chown root:toranon /etc/onionbalance/*
+ $ chmod 0640 /etc/onionbalance/*
+
+4. Copy the supplied sample config as a multi-instance config
+
+ $ cp /usr/share/doc/python*-onionbalance*/onionbalance.torrc.example /etc/tor/onionbalance.torrc
+
+5. Start and enable the tor onionbalance service:
+
+ $ systemctl start tor@onionbalance
+ $ systemctl enable tor@onionbalance
+
+6. Start and enable onionbalance
+
+ $ systemctl start onionbalance
+ $ systemctl enable onionbalance
+
+7. Enjoy!
diff --git a/SOURCES/docs-conf.py b/SOURCES/docs-conf.py
new file mode 100644
index 0000000..d9b538b
--- /dev/null
+++ b/SOURCES/docs-conf.py
@@ -0,0 +1,199 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# onionbalance documentation build configuration file, created by
+# sphinx-quickstart on Wed Jun 10 13:54:42 2015.
+#
+# This file is execfile()d with the current directory set to its
+# containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+import sys
+import os
+import datetime
+
+import sphinx.environment
+from docutils.utils import get_source_line
+
+# Documentation configuration
+__version__ = '0.1.4'
+__author__ = "Donncha O'Cearbhaill"
+__contact__ = "donncha@donncha.is"
+
+# Ignore the 'dev' version suffix.
+if __version__.endswith('dev'):
+ __version__ = __version__[:-4]
+
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+sys.path.insert(0, os.path.abspath('..'))
+
+on_rtd = os.environ.get('READTHEDOCS', None) == 'True'
+
+# -- General configuration ------------------------------------------------
+
+
+# Don't give warning for external images
+def _warn_node(self, msg, node):
+ if not msg.startswith('nonlocal image URI found:'):
+ self._warnfunc(msg, '%s:%s' % get_source_line(node))
+sphinx.environment.BuildEnvironment.warn_node = _warn_node
+
+# If your documentation needs a minimal Sphinx version, state it here.
+needs_sphinx = '1.1'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+ 'alabaster',
+ 'sphinx.ext.autodoc',
+ 'sphinx.ext.todo',
+ 'sphinx.ext.viewcode',
+ 'sphinxcontrib.autoprogram',
+]
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The suffix(es) of source filenames.
+# You can specify multiple suffix as a list of string:
+# source_suffix = ['.rst', '.md']
+source_suffix = '.rst'
+
+# The encoding of source files.
+source_encoding = 'utf-8-sig'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = 'OnionBalance'
+
+# Remove copyright notice for man page
+copyright = ''
+author = __author__
+
+# The version info for the project you're documenting, acts as replacement for
+# |version| and |release|, also used in various other places throughout the
+# built documents.
+#
+# The short X.Y version.
+version = __version__
+# The full version, including alpha/beta/rc tags.
+release = __version__
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = 'en'
+
+# There are two options for replacing |today|: either, you set today to some
+# non-false value, then it is used:
+#today = ''
+# Else, today_fmt is used as the format for a strftime call.
+#today_fmt = '%B %d, %Y'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+exclude_patterns = ['_build', 'modules.rst']
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# A list of ignored prefixes for module index sorting.
+#modindex_common_prefix = []
+
+# If true, keep warnings as "system message" paragraphs in the built documents.
+#keep_warnings = False
+
+# If true, `todo` and `todoList` produce output, else they produce nothing.
+todo_include_todos = True
+
+
+# -- Options for HTML output ----------------------------------------------
+
+# The theme to use for HTML and HTML Help pages. See the documentation for
+# a list of builtin themes.
+html_theme = 'alabaster'
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further. For a list of options available for each theme, see the
+# documentation.
+html_theme_options = {
+ "description": "Load balancing and redundancy for Tor hidden services.",
+ 'github_user': 'DonnchaC',
+ 'github_repo': 'onionbalance',
+ 'github_button': False,
+ 'travis_button': False,
+}
+
+# Enable external resources on the RTD hosted documentation only
+if on_rtd:
+ html_theme_options['github_button'] = True
+ html_theme_options['travis_button'] = True
+
+# Add any paths that contain custom themes here, relative to this directory.
+#html_theme_path = []
+
+# The name for this set of Sphinx documents. If None, it defaults to
+# "<project> v<release> documentation".
+#html_title = None
+
+# A shorter title for the navigation bar. Default is the same as html_title.
+html_short_title = "OnionBalance Docs"
+
+# The name of an image file (relative to this directory) to place at the top
+# of the sidebar.
+#html_logo = None
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = []
+
+# Custom sidebar templates, maps document names to template names.
+html_sidebars = {
+ '**': [
+ 'about.html',
+ 'navigation.html',
+ 'relations.html',
+ ]
+}
+
+# If false, no module index is generated.
+html_domain_indices = False
+
+# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
+html_show_sphinx = False
+
+# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
+html_show_copyright = False
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'onionbalancedoc'
+
+# -- Options for manual page output ---------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+ ('running-onionbalance', 'onionbalance',
+ 'a Tor hidden service load balancer',
+ ['%s <%s>' % (__author__, __contact__)], 1),
+ ('onionbalance-config', 'onionbalance-config',
+ 'tool for generating onionbalance config files and keys',
+ ['%s <%s>' % (__author__, __contact__)], 1),
+]
+
+# If true, show URL addresses after external links.
+#man_show_urls = False
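Review bot: `__version__ = '0.1.4'` is hard-coded here while the spec in this same commit packages 0.1.6, so the generated HTML and man pages would be stamped with the wrong version. Since the spec copies this file over docs/conf.py, the simplest fix is to override the value at build time, e.g. `sphinx-build -D version=%{version} -D release=%{version} ...`, or to substitute it when copying. Separately, the `_warn_node` override depends on the private `_warnfunc` attribute of Sphinx's build environment and is likely to break on newer Sphinx releases; a comment naming the Sphinx versions it was tested against would help the next packager.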
diff --git a/SOURCES/onionbalance.logrotate b/SOURCES/onionbalance.logrotate
new file mode 100644
index 0000000..f8923a9
--- /dev/null
+++ b/SOURCES/onionbalance.logrotate
@@ -0,0 +1,10 @@
+/var/log/onionbalance/*log {
+ compress
+ create 0640 onionbalance toranon
+ daily
+ missingok
+ notifempty
+ rotate 14
+ copytruncate
+ sharedscripts
+}
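Review bot: `create 0640 onionbalance toranon` has no effect alongside `copytruncate`, because logrotate truncates the existing file in place rather than creating a new one, so the mode and ownership of the live log stay whatever the daemon created it with. Either drop `create` and make sure the service writes its log with a restrictive mode, or drop `copytruncate` if onionbalance is able to reopen its log after rotation. `sharedscripts` is also a no-op here, since the stanza has no prerotate or postrotate script.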
diff --git a/SOURCES/onionbalance.service b/SOURCES/onionbalance.service
new file mode 100644
index 0000000..476ebf0
--- /dev/null
+++ b/SOURCES/onionbalance.service
@@ -0,0 +1,40 @@
+# OnionBalance systemd target
+
+[Unit]
+Description=OnionBalance - Tor Onion Service load balancer
+Documentation=https://github.com/DonnchaC/onionbalance
+After=network.target tor.service tor@.service tor-master.service
+Wants=network-online.target
+ConditionPathExists=/etc/onionbalance/config.yaml
+
+[Service]
+Type=simple
+PIDFile=/run/onionbalance.pid
+Environment="ONIONBALANCE_LOG_LOCATION=/var/log/onionbalance/log"
+ExecStart=/usr/bin/onionbalance -c /etc/onionbalance/config.yaml
+ExecReload=/usr/bin/onionbalance reload
+TimeoutStopSec=5
+KillMode=mixed
+
+User=onionbalance
+PermissionsStartOnly=true
+Restart=on-abnormal
+RestartSec=2s
+LimitNOFILE=65536
+
+# Hardening
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN CAP_FOWNER
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+RuntimeDirectory=onionbalance
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/proc
+ReadWriteDirectories=-/var/lib/onionbalance
+ReadWriteDirectories=-/var/log/onionbalance
+ReadWriteDirectories=-/run
+
+[Install]
+WantedBy=multi-user.target
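Review bot: The hardening block leaves more open than the unit appears to need. `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN CAP_FOWNER` keeps three capabilities for a process that runs as `User=onionbalance` with no `ExecStartPre=` step in this unit that would use them; unless something outside this diff requires them, an empty `CapabilityBoundingSet=` is tighter. `ReadWriteDirectories=-/run` and `ReadWriteDirectories=-/proc` reopen all of /run and /proc for writing although `RuntimeDirectory=onionbalance` already provides /run/onionbalance, so narrowing to `ReadWriteDirectories=-/run/onionbalance` would preserve the intent of `ReadOnlyDirectories=/`. `PIDFile=/run/onionbalance.pid` also sits outside that runtime directory and is not used with `Type=simple`. The header comment calls this a "systemd target" where it is a service unit.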
diff --git a/SOURCES/onionbalance.tmpfiles b/SOURCES/onionbalance.tmpfiles
new file mode 100644
index 0000000..11bdee9
--- /dev/null
+++ b/SOURCES/onionbalance.tmpfiles
@@ -0,0 +1 @@
+d /run/onionbalance onionbalance toranon 0750 -
diff --git a/SOURCES/onionbalance.torrc.example b/SOURCES/onionbalance.torrc.example
new file mode 100644
index 0000000..efe1352
--- /dev/null
+++ b/SOURCES/onionbalance.torrc.example
@@ -0,0 +1,15 @@
+# Tor config for the onionbalance management server
+# ---
+# The management server must be able to access the Tor control port.
+# Alternatively the control port can be enabled on the system Tor process.
+
+# Seperate data directory as we run it as a multi-instance
+DataDirectory /var/lib/tor/onionbalance-data
+
+ControlPort 9051
+CookieAuthentication 1
+SocksPort 0
+
+# Make cookie file accessible to onionbalance
+CookieAuthFile /run/tor/onionbalance.control.authcookie
+CookieAuthFileGroupReadable 1
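Review bot: `ControlPort 9051` puts the control interface on a loopback TCP port, so every local account can connect and the only gate is read access to the cookie; with `CookieAuthFileGroupReadable 1` that means every member of Tor's group. The example should say so next to the cookie settings, e.g. `# Anyone who can read this cookie has full control of this Tor instance`. If the packaged onionbalance version can use a control socket, `ControlSocket` together with `ControlSocketsGroupWritable 1` would remove the TCP listener entirely. 9051 is also the conventional control port, so it will collide if the system Tor process enables its own as the header comment suggests. "Seperate" should read "Separate".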
diff --git a/SPECS/python-onionbalance.spec b/SPECS/python-onionbalance.spec
new file mode 100644
index 0000000..ce57994
--- /dev/null
+++ b/SPECS/python-onionbalance.spec
@@ -0,0 +1,256 @@
+%global tarname OnionBalance
+%global pkgname onionbalance
+%global sum Load-balancing for Tor hidden services
+
+# EL7 has a too old sphinx version
+# to support generating of docs
+%if 0%{?fedora} || 0%{?rhel} >= 8
+%global with_python3 1
+%global with_docs 1
+%global main_pkg python3-%{pkgname}
+%else
+%global with_python3 0
+%global with_docs 0
+%global main_pkg python2-%{pkgname}
+%if 0%{?rhel} == 7
+%global for_el7 1
+%endif
+%endif
+
+# test libs are too old for running tests on EL7 & F24
+%if 0%{?fedora} >= 25
+%global with_test 1
+%endif
+
+%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{main_pkg}-%{version}}
+
+%global toruser toranon
+
+Name: python-%{pkgname}
+Version: 0.1.6
+Release: 1%{?dist}
+Summary: %{sum}
+
+License: BSD
+URL: http://pypi.python.org/pypi/%{tarname}
+Source0: https://github.com/DonnchaC/%{pkgname}/releases/download/%{version}/%{pkgname}-%{version}.tar.gz
+Source1: onionbalance.service
+Source2: onionbalance.tmpfiles
+Source3: onionbalance.logrotate
+Source4: docs-conf.py
+Source5: onionbalance.torrc.example
+Source6: README.fedora
+
+BuildArch: noarch
+
+BuildRequires: systemd-units
+
+BuildRequires: python2-devel
+BuildRequires: python-setuptools
+%if 0%{?for_el7}
+BuildRequires: python-stem
+%else
+BuildRequires: python2-stem
+%endif
+BuildRequires: PyYAML
+BuildRequires: python2-crypto
+BuildRequires: python2-future
+BuildRequires: python-setproctitle
+%if 0%{?with_test}
+BuildRequires: python2-pexpect
+BuildRequires: python2-pytest
+BuildRequires: python2-pytest-mock
+%endif
+%if 0%{?with_docs}
+BuildRequires: python2-sphinxcontrib-autoprogram
+%endif
+
+%if 0%{?with_python3}
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-stem
+BuildRequires: python3-PyYAML
+BuildRequires: python3-crypto
+BuildRequires: python3-future
+BuildRequires: python3-setproctitle
+BuildRequires: python3-sphinxcontrib-autoprogram
+%if 0%{?with_test}
+BuildRequires: python3-pytest
+BuildRequires: python3-pytest-mock
+BuildRequires: python3-pexpect
+%endif
+%endif
+
+BuildRequires: systemd
+
+
+%description
+OnionBalance provides load-balancing and redundancy for Tor
+hidden services by distributing requests to multiple back-end
+Tor instances.
+
+%package -n python2-%{pkgname}
+Summary: %{sum}
+Requires: python-stem
+Requires: PyYAML
+%if 0%{?for_el7}
+Requires: python-setuptools
+%else
+Requires: python2-setuptools
+%endif
+Requires: python2-crypto
+Requires: python2-future
+Requires: python-setproctitle
+%{?python_provide:%python_provide python2-%{pkgname}}
+%if 0%{?with_python3}
+
+%package -n python3-%{pkgname}
+Summary: %{sum}
+Requires: python3-stem
+Requires: python3-PyYAML
+Requires: python3-setuptools
+Requires: python3-crypto
+Requires: python3-future
+Requires: python3-setproctitle
+%{?python_provide:%python_provide python3-%{pkgname}}
+%endif
+Requires: tor
+Requires: logrotate
+Requires(pre): shadow-utils
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+
+
+%description -n python2-%{pkgname}
+OnionBalance provides load-balancing and redundancy for Tor
+hidden services by distributing requests to multiple back-end
+Tor instances.
+%if 0%{?with_python3}
+
+%description -n python3-%{pkgname}
+OnionBalance provides load-balancing and redundancy for Tor
+hidden services by distributing requests to multiple back-end
+Tor instances.
+This package contains systemd files as well as logrotate rules.
+%else
+This package contains systemd files as well as logrotate rules.
+%endif
+
+%prep
+%autosetup -n %{pkgname}-%{version}
+
+%build
+find . -name '*.pyc' -delete
+%py2_build
+%if 0%{?with_python3}
+%py3_build
+%endif
+%if 0%{?with_docs}
+# restore conf that is missing in egg
+cp %{SOURCE4} docs/conf.py
+PYTHONPATH=. sphinx-build -N -v -v -v -v -E -bhtml docs/ docs/_build/html
+PYTHONPATH=. sphinx-build -N -E -bman docs docs/_build/man
+# Fix hidden-file-or-dir warnings
+rm -rf docs/_build/html/.doctrees docs/_build/html/.buildinfo
+%endif
+
+%install
+%py2_install
+%if 0%{?with_python3}
+cp %{buildroot}/%{_bindir}/%{pkgname} %{buildroot}/%{_bindir}/%{pkgname}-py2
+cp %{buildroot}/%{_bindir}/%{pkgname}-config %{buildroot}/%{_bindir}/%{pkgname}-config-py2
+
+%py3_install
+%endif
+
+%if 0%{?for_el7}
+# EL7 isn't yet that new, but given it's only a little change btw. 3.11 & 3.10
+# it's fine to downgrade that requirement
+sed -i 's/PyYAML>=3.11/PyYAML>=3.10/' %{buildroot}/%{python2_sitelib}/*.egg-info/requires.txt
+%endif
+
+install -d %{buildroot}/etc/logrotate.d
+install -d %{buildroot}/%{_sysconfdir}/%{pkgname}
+install -d %{buildroot}/%{_localstatedir}/log/%{pkgname}
+install -d %{buildroot}/%{_localstatedir}/lib/%{pkgname}
+install -d -m 755 %{buildroot}/%{_unitdir}
+install -d -m 755 %{buildroot}/%{_tmpfilesdir}
+
+install -p -m 644 %{SOURCE1} %{buildroot}/%{_unitdir}/%{pkgname}.service
+install -p -m 644 %{SOURCE2} %{buildroot}/%{_tmpfilesdir}/%{pkgname}.conf
+install -p -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/logrotate.d/%{pkgname}.conf
+%if 0%{?with_docs}
+install -d -m 755 %{buildroot}/%{_mandir}/man1
+cp docs/_build/man/%{pkgname}* %{buildroot}/%{_mandir}/man1/
+%endif
+
+install -p -m 644 %{SOURCE5} .
+install -p -m 644 %{SOURCE6} .
+
+%check
+# on some versions test libs are too old to run
+%if 0%{?with_test}
+py.test --ignore=test/functional
+py.test-3 --ignore=test/functional
+%endif
+
+%pre -n %{main_pkg}
+getent passwd %{pkgname} >/dev/null || \
+ useradd -r -g %{toruser} -d %{_localstatedir}/lib/%{pkgname} -s /sbin/nologin \
+ -c "%{pkgname} daemon user" %{pkgname}
+exit 0
+
+%post -n %{main_pkg}
+%systemd_post onionbalance.service
+
+%preun -n %{main_pkg}
+%systemd_preun onionbalance.service
+
+%postun -n %{main_pkg}
+%systemd_postun_with_restart onionbalance.service
+
+%files -n python2-%{pkgname}
+%license COPYING
+%{python2_sitelib}/*
+%if 0%{?with_python3}
+%{_bindir}/%{pkgname}-py2
+%{_bindir}/%{pkgname}-config-py2
+%else
+%doc README.rst
+%doc README.fedora
+%doc onionbalance.torrc.example
+%{_bindir}/%{pkgname}
+%{_bindir}/%{pkgname}-config
+%{_unitdir}/%{pkgname}.service
+%{_tmpfilesdir}/%{pkgname}.conf
+%dir %attr(0750,root,%{toruser}) %{_sysconfdir}/%{pkgname}
+%dir %attr(0750,%{pkgname},%{toruser}) %{_localstatedir}/log/%{pkgname}
+%dir %attr(0750,%{pkgname},%{toruser}) %{_localstatedir}/lib/%{pkgname}
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{pkgname}.conf
+%endif
+
+%if 0%{?with_python3}
+%files -n python3-%{pkgname}
+%doc README.rst
+%doc README.fedora
+%doc onionbalance.torrc.example
+%license COPYING
+%{python3_sitelib}/*
+%{_bindir}/%{pkgname}
+%{_bindir}/%{pkgname}-config
+%{_unitdir}/%{pkgname}.service
+%{_tmpfilesdir}/%{pkgname}.conf
+%dir %attr(0750,root,%{toruser}) %{_sysconfdir}/%{pkgname}
+%dir %attr(0750,%{pkgname},%{toruser}) %{_localstatedir}/log/%{pkgname}
+%dir %attr(0750,%{pkgname},%{toruser}) %{_localstatedir}/lib/%{pkgname}
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{pkgname}.conf
+%if 0%{?with_docs}
+%doc docs/_build/html
+%doc %attr(0644,root,root) %{_mandir}/man1/%{pkgname}*
+%endif
+%endif
+
+%changelog
+* Fri Jan 20 2017 Marcel Haerry <mh+fedora@scrit.ch> - 0.1.6-1
+ initial release
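Review bot: The `%pre` scriptlet creates the account with `-g %{toruser}`, but nothing guarantees that group exists when it runs: the package carries `Requires: tor` yet only `Requires(pre): shadow-utils`, and the trailing `exit 0` hides a failed `useradd`. In that case the `%attr(0750,%{pkgname},%{toruser})` directories would not get their intended owner and the unit's `User=onionbalance` would not exist. Adding `Requires(pre): tor` next to the shadow-utils line closes the ordering gap, assuming the tor package is what creates `toranon`. Minor: `install -d %{buildroot}/etc/logrotate.d` hard-codes a path that the later install line spells `%{_sysconfdir}/logrotate.d`.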