%global _hardened_build 1

%global toruser     toranon
%global torgroup    toranon
%global homedir     %{_localstatedir}/lib/tor
%global logdir      %{_localstatedir}/log/tor
%global rundir      /run/tor

%ifarch %{ix86} x86_64
%bcond_without libseccomp
%else
%bcond_with libseccomp
%endif

Name:       tor
Version:    0.3.0.10
Release:    1%{?dist}
Group:      System Environment/Daemons
License:    BSD
Summary:    Anonymizing overlay network for TCP
URL:        https://www.torproject.org

Source0:    https://www.torproject.org/dist/tor-%{version}.tar.gz
Source1:    https://www.torproject.org/dist/tor-%{version}.tar.gz.asc
Source2:    tor.logrotate
Source3:    tor.defaults-torrc
Source4:    tor.tmpfiles.d
Source10:   tor.service
Source11:   tor@.service
Source12:   tor-master.service
Source20:   README

Patch0:     tor-0.2.7.6-torrc-ControlSocket-and-CookieAuthFile.patch

BuildRequires:    asciidoc
BuildRequires:    libevent-devel
BuildRequires:    openssl-devel
BuildRequires:    systemd-devel >= 209

%if 0%{with libseccomp}
# Only available on certain architectures.
BuildRequires:    libseccomp-devel
%endif

# /usr/bin/torify is now just a wrapper for torsocks and is only there for
# backwards compatibility.
Requires:         torsocks
Requires(pre):    shadow-utils
Requires(post):   systemd
Requires(preun):  systemd
Requires(postun): systemd


%description
The Tor network is a group of volunteer-operated servers that allows people to
improve their privacy and security on the Internet. Tor's users employ this
network by connecting through a series of virtual tunnels rather than making a
direct connection, thus allowing both organizations and individuals to share
information over public networks without compromising their privacy. Along the
same line, Tor is an effective censorship circumvention tool, allowing its
users to reach otherwise blocked destinations or content. Tor can also be used
as a building block for software developers to create new communication tools
with built-in privacy features.

This package contains the Tor software that can act as either a server on the
Tor network, or as a client to connect to the Tor network.


%prep
%setup -q
%patch0 -p1


%build
%configure --with-tor-user=%{toruser} --with-tor-group=%{torgroup}
make %{?_smp_mflags}


%install
make install DESTDIR=%{buildroot}
mv %{buildroot}%{_sysconfdir}/tor/torrc.sample \
    %{buildroot}%{_sysconfdir}/tor/torrc

install -D -p -m 0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/tor/README

mkdir -p %{buildroot}%{logdir}
mkdir -p %{buildroot}%{homedir}
mkdir -p %{buildroot}%{rundir}

install -D -p -m 0644 %{SOURCE10} %{buildroot}%_unitdir/tor.service
install -D -p -m 0644 %{SOURCE11} %{buildroot}%_unitdir/tor@.service
install -D -p -m 0644 %{SOURCE12} %{buildroot}%_unitdir/tor-master.service
install -D -p -m 0644 %{SOURCE2}  %{buildroot}%{_sysconfdir}/logrotate.d/tor
install -D -p -m 0644 %{SOURCE3}  %{buildroot}%{_datadir}/tor/defaults-torrc
install -D -p -m 0644 %{SOURCE4}  %{buildroot}%{_tmpfilesdir}/tor.conf

# Install docs manually.
rm -rf %{buildroot}%{_datadir}/doc


%pre
getent group %{torgroup} >/dev/null || groupadd -r %{torgroup}
getent passwd %{toruser} >/dev/null || \
    useradd -r -s /sbin/nologin -d %{homedir} -M \
    -c 'Tor anonymizing user' -g %{torgroup} %{toruser}
exit 0

%post
%systemd_post tor.service

%preun
%systemd_preun tor.service
%systemd_preun tor-master.service

%postun
systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ]; then
    # Use restart instead of try-restart, as tor-master may be "inactive" even
    # when there are tor.service and tor@.service instances running.
    systemctl restart tor-master.service >/dev/null 2>&1 || :
fi


%files
%doc LICENSE README ChangeLog ReleaseNotes doc/HACKING doc/*.html
%{_bindir}/tor
%{_bindir}/tor-gencert
%{_bindir}/tor-resolve
%{_bindir}/torify
%{_mandir}/man1/tor.1*
%{_mandir}/man1/tor-gencert.1*
%{_mandir}/man1/tor-resolve.1*
%{_mandir}/man1/torify.1*
%dir %{_datadir}/tor
%{_datadir}/tor/defaults-torrc
%{_datadir}/tor/geoip
%{_datadir}/tor/geoip6
%{_tmpfilesdir}/tor.conf
%{_unitdir}/tor.service
%{_unitdir}/tor@.service
%{_unitdir}/tor-master.service

%dir %{_sysconfdir}/tor
%{_sysconfdir}/tor/README
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/tor/torrc
%config(noreplace) %{_sysconfdir}/logrotate.d/tor

%attr(0750,%{toruser},root) %dir %{homedir}
%attr(0750,%{toruser},%{torgroup}) %dir %{logdir}
%attr(0750,%{toruser},%{torgroup}) %dir %{rundir}


%changelog
* Thu Aug  3 2017 Matthias Adler <macedigital@gmail.com> - 0.3.0.10-1
- Update to upstream release 0.3.0.10

* Mon Jul  3 2017 Matthias Adler <macedigital@gmail.com> - 0.3.0.9-1
- Update to upstream release 0.3.0.9

* Thu Jun  8 2017 Matthias Adler <macedigital@gmail.com> - 0.3.0.8-1.centos
- Update to upstream release 0.3.0.8
- remove libsystemd workarounds for RHEL/CentOS 7+