diff --git a/.gitignore b/.gitignore
index e69de29..9cad343 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/onionbalance-0.1.6.tar.gz
diff --git a/README.fedora b/README.fedora
new file mode 100644
index 0000000..e436af0
--- /dev/null
+++ b/README.fedora
@@ -0,0 +1,43 @@
+Notices for Fedora / RedHat / CentOS Users
+==========================================
+
+onionbalance ships with some Debian'isms, especially when it
+comes to the created example torrc for the onionbalance management
+tor daemon.
+
+For this reasons this folder contains a sample onionbalance.torrc file
+which can be used to run a dedicated tor process that onionbalance
+will use.
+
+Setting up onionbalance
+-----------------------
+
+1. create a sample configuration
+
+ $ onionbalance-config
+
+ # step through the wizard
+
+2. Get your onionservices up & running with the generated configuration in config/
+
+3. copy the master config and key to onionbalance's config directory and protect key and config:
+
+ $ cp config/master/config.yaml config/master/*.key /etc/onionbalance/
+ $ chown root:toranon /etc/onionbalance/*
+ $ chmod 0640 /etc/onionbalance/*
+
+4. Copy the supplied sample config as a multi-instance config
+
+ $ cp /usr/share/doc/python*-onionbalance*/onionbalance.torrc.example /etc/tor/onionbalance.torrc
+
+5. Start and enable the tor onionbalance service:
+
+ $ systemctl start tor@onionbalance
+ $ systemctl enable tor@onionbalance
+
+6. Start and enable onionbalance
+
+ $ systemctl start onionbalance
+ $ systemctl enable onionbalance
+
+7. Enjoy!
diff --git a/docs-conf.py b/docs-conf.py
new file mode 100644
index 0000000..d9b538b
--- /dev/null
+++ b/docs-conf.py
@@ -0,0 +1,199 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# onionbalance documentation build configuration file, created by
+# sphinx-quickstart on Wed Jun 10 13:54:42 2015.
+#
+# This file is execfile()d with the current directory set to its
+# containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+import sys
+import os
+import datetime
+
+import sphinx.environment
+from docutils.utils import get_source_line
+
+# Documentation configuration
+__version__ = '0.1.4'
+__author__ = "Donncha O'Cearbhaill"
+__contact__ = "donncha@donncha.is"
+
+# Ignore the 'dev' version suffix.
+if __version__.endswith('dev'):
+ __version__ = __version__[:-4]
+
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+sys.path.insert(0, os.path.abspath('..'))
+
+on_rtd = os.environ.get('READTHEDOCS', None) == 'True'
+
+# -- General configuration ------------------------------------------------
+
+
+# Don't give warning for external images
+def _warn_node(self, msg, node):
+ if not msg.startswith('nonlocal image URI found:'):
+ self._warnfunc(msg, '%s:%s' % get_source_line(node))
+sphinx.environment.BuildEnvironment.warn_node = _warn_node
+
+# If your documentation needs a minimal Sphinx version, state it here.
+needs_sphinx = '1.1'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+ 'alabaster',
+ 'sphinx.ext.autodoc',
+ 'sphinx.ext.todo',
+ 'sphinx.ext.viewcode',
+ 'sphinxcontrib.autoprogram',
+]
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The suffix(es) of source filenames.
+# You can specify multiple suffix as a list of string:
+# source_suffix = ['.rst', '.md']
+source_suffix = '.rst'
+
+# The encoding of source files.
+source_encoding = 'utf-8-sig'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = 'OnionBalance'
+
+# Remove copyright notice for man page
+copyright = ''
+author = __author__
+
+# The version info for the project you're documenting, acts as replacement for
+# |version| and |release|, also used in various other places throughout the
+# built documents.
+#
+# The short X.Y version.
+version = __version__
+# The full version, including alpha/beta/rc tags.
+release = __version__
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = 'en'
+
+# There are two options for replacing |today|: either, you set today to some
+# non-false value, then it is used:
+#today = ''
+# Else, today_fmt is used as the format for a strftime call.
+#today_fmt = '%B %d, %Y'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+exclude_patterns = ['_build', 'modules.rst']
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# A list of ignored prefixes for module index sorting.
+#modindex_common_prefix = []
+
+# If true, keep warnings as "system message" paragraphs in the built documents.
+#keep_warnings = False
+
+# If true, `todo` and `todoList` produce output, else they produce nothing.
+todo_include_todos = True
+
+
+# -- Options for HTML output ----------------------------------------------
+
+# The theme to use for HTML and HTML Help pages. See the documentation for
+# a list of builtin themes.
+html_theme = 'alabaster'
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further. For a list of options available for each theme, see the
+# documentation.
+html_theme_options = {
+ "description": "Load balancing and redundancy for Tor hidden services.",
+ 'github_user': 'DonnchaC',
+ 'github_repo': 'onionbalance',
+ 'github_button': False,
+ 'travis_button': False,
+}
+
+# Enable external resources on the RTD hosted documentation only
+if on_rtd:
+ html_theme_options['github_button'] = True
+ html_theme_options['travis_button'] = True
+
+# Add any paths that contain custom themes here, relative to this directory.
+#html_theme_path = []
+
+# The name for this set of Sphinx documents. If None, it defaults to
+# " v documentation".
+#html_title = None
+
+# A shorter title for the navigation bar. Default is the same as html_title.
+html_short_title = "OnionBalance Docs"
+
+# The name of an image file (relative to this directory) to place at the top
+# of the sidebar.
+#html_logo = None
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = []
+
+# Custom sidebar templates, maps document names to template names.
+html_sidebars = {
+ '**': [
+ 'about.html',
+ 'navigation.html',
+ 'relations.html',
+ ]
+}
+
+# If false, no module index is generated.
+html_domain_indices = False
+
+# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
+html_show_sphinx = False
+
+# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
+html_show_copyright = False
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'onionbalancedoc'
+
+# -- Options for manual page output ---------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+ ('running-onionbalance', 'onionbalance',
+ 'a Tor hidden service load balancer',
+ ['%s <%s>' % (__author__, __contact__)], 1),
+ ('onionbalance-config', 'onionbalance-config',
+ 'tool for generating onionbalance config files and keys',
+ ['%s <%s>' % (__author__, __contact__)], 1),
+]
+
+# If true, show URL addresses after external links.
+#man_show_urls = False
diff --git a/onionbalance.logrotate b/onionbalance.logrotate
new file mode 100644
index 0000000..f8923a9
--- /dev/null
+++ b/onionbalance.logrotate
@@ -0,0 +1,10 @@
+/var/log/onionbalance/*log {
+ compress
+ create 0640 onionbalance toranon
+ daily
+ missingok
+ notifempty
+ rotate 14
+ copytruncate
+ sharedscripts
+}
diff --git a/onionbalance.service b/onionbalance.service
new file mode 100644
index 0000000..476ebf0
--- /dev/null
+++ b/onionbalance.service
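Review bot: `__version__ = '0.1.4'` near the top of docs-conf.py is hard-coded, while the spec in this same commit packages 0.1.6 and copies this file to `docs/conf.py`, so the generated HTML and man pages will carry the wrong version; setting it to the packaged version, or having the spec substitute `%{version}` when it copies the file, would keep them in step. Separately, `_warn_node` replaces `sphinx.environment.BuildEnvironment.warn_node` and calls the private `self._warnfunc`; later Sphinx releases reworked warning handling, so this patch may break the docs build there and deserves a comment such as `# Monkey-patch: relies on private Sphinx API, valid for old Sphinx only`. The `[:-4]` slice under `endswith('dev')` removes four characters for a three-character suffix, which presumably assumes a separator such as `-dev`; a comment stating that assumption would help.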
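Review bot: `copytruncate` and `create 0640 onionbalance toranon` are combined in this stanza, but logrotate ignores `create` when `copytruncate` is set because the original file stays in place, so the 0640 mode and `toranon` group are never applied by rotation. The live log therefore keeps whatever permissions the daemon's umask gave it, which is worth checking if the intent is to keep the log unreadable for other users. `sharedscripts` likewise has no effect without a `prerotate` or `postrotate` script. I would drop `create` and `sharedscripts`, or drop `copytruncate` if the daemon can reopen its log file.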
@@ -0,0 +1,40 @@
+# OnionBalance systemd target
+
+[Unit]
+Description=OnionBalance - Tor Onion Service load balancer
+Documentation=https://github.com/DonnchaC/onionbalance
+After=network.target tor.service tor@.service tor-master.service
+Wants=network-online.target
+ConditionPathExists=/etc/onionbalance/config.yaml
+
+[Service]
+Type=simple
+PIDFile=/run/onionbalance.pid
+Environment="ONIONBALANCE_LOG_LOCATION=/var/log/onionbalance/log"
+ExecStart=/usr/bin/onionbalance -c /etc/onionbalance/config.yaml
+ExecReload=/usr/bin/onionbalance reload
+TimeoutStopSec=5
+KillMode=mixed
+
+User=onionbalance
+PermissionsStartOnly=true
+Restart=on-abnormal
+RestartSec=2s
+LimitNOFILE=65536
+
+# Hardening
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN CAP_FOWNER
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+RuntimeDirectory=onionbalance
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/proc
+ReadWriteDirectories=-/var/lib/onionbalance
+ReadWriteDirectories=-/var/log/onionbalance
+ReadWriteDirectories=-/run
+
+[Install]
+WantedBy=multi-user.target
diff --git a/onionbalance.tmpfiles b/onionbalance.tmpfiles
new file mode 100644
index 0000000..11bdee9
--- /dev/null
+++ b/onionbalance.tmpfiles
@@ -0,0 +1 @@
+d /run/onionbalance onionbalance toranon 0750 -
diff --git a/onionbalance.torrc.example b/onionbalance.torrc.example
new file mode 100644
index 0000000..efe1352
--- /dev/null
+++ b/onionbalance.torrc.example
@@ -0,0 +1,15 @@
+# Tor config for the onionbalance management server
+# ---
+# The management server must be able to access the Tor control port.
+# Alternatively the control port can be enabled on the system Tor process.
+
+# Seperate data directory as we run it as a multi-instance
+DataDirectory /var/lib/tor/onionbalance-data
+
+ControlPort 9051
+CookieAuthentication 1
+SocksPort 0
+
+# Make cookie file accessible to onionbalance
+CookieAuthFile /run/tor/onionbalance.control.authcookie
+CookieAuthFileGroupReadable 1
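Review bot: The `# Hardening` block grants more than a daemon running as `User=onionbalance` appears to need: `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN CAP_FOWNER` keeps three capabilities available, and `ReadWriteDirectories=-/run` reopens all of /run for writing although `RuntimeDirectory=onionbalance` already provides /run/onionbalance. Unless the program binds a privileged port or changes file ownership (not visible in this diff), an empty `CapabilityBoundingSet=` and dropping the `/run` and `/proc` write entries would be tighter. `PIDFile=/run/onionbalance.pid` is meant for `Type=forking` and points at a path the unprivileged service user could not write, so it can probably go. `After=` also lists the uninstantiated template `tor@.service` while README.fedora starts `tor@onionbalance`, so ordering against the instance actually used is likely not established; `After=tor@onionbalance.service` would state it.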
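Review bot: `ControlPort 9051` puts the control interface on a loopback TCP port, so any local process can connect and the only barrier is the cookie, which `CookieAuthFileGroupReadable 1` makes readable to the whole group that owns the file. Whoever can read the cookie can reconfigure this Tor instance, so the example should say in a comment which group that is and that only trusted accounts belong in it. If the packaged onionbalance can use a Unix control socket (not confirmable from this diff), `ControlSocket` together with `ControlSocketsGroupWritable 1` would restrict access by file permissions instead of a TCP listener. 9051 is also the conventional control port, so this instance will fail to bind if the system Tor has its control port enabled, which the header comment offers as an alternative.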
diff --git a/python-onionbalance.spec b/python-onionbalance.spec
new file mode 100644
index 0000000..c7067fe
--- /dev/null
+++ b/python-onionbalance.spec
@@ -0,0 +1,208 @@
+%global tarname OnionBalance
+%global pkgname onionbalance
+%global sum Load-balancing for Tor onion services
+
+# EL7 has a too old sphinx version
+# to support generating of docs
+%if 0%{?rhel} == 7
+%global for_el7 1
+%global with_docs 0
+%global main_pkg python2-%{pkgname}
+%else
+%global with_docs 1
+%global for_el7 0
+%global main_pkg python3-%{pkgname}
+%endif
+
+# test libs are too old for running tests on EL7 & F24
+%if 0%{?fedora} >= 25
+%global with_test 1
+%endif
+
+%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{main_pkg}-%{version}}
+
+%global toruser toranon
+
+Name: python-%{pkgname}
+Version: 0.1.6
+Release: 1%{?dist}
+Summary: %{sum}
+
+License: GPLv3
+URL: http://pypi.python.org/pypi/%{tarname}
+Source0: https://github.com/DonnchaC/%{pkgname}/releases/download/%{version}/%{pkgname}-%{version}.tar.gz
+Source1: onionbalance.service
+Source2: onionbalance.tmpfiles
+Source3: onionbalance.logrotate
+Source4: docs-conf.py
+Source5: onionbalance.torrc.example
+Source6: README.fedora
+
+BuildArch: noarch
+
+BuildRequires: systemd-units
+
+%if 0%{?for_el7}
+BuildRequires: python-setuptools
+BuildRequires: python2-devel
+BuildRequires: python-stem
+BuildRequires: PyYAML
+BuildRequires: python2-crypto
+BuildRequires: python2-future
+BuildRequires: python-setproctitle
+%else
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-stem
+BuildRequires: python3-PyYAML
+BuildRequires: python3-crypto
+BuildRequires: python3-future
+BuildRequires: python3-setproctitle
+BuildRequires: python3-sphinxcontrib-autoprogram
+BuildRequires: python3-pytest
+BuildRequires: python3-pytest-mock
+BuildRequires: python3-pexpect
+%endif
+
+BuildRequires: systemd
+
+
+%description
+OnionBalance provides load-balancing and redundancy for Tor
+onion services by distributing requests to multiple back-end
+Tor instances.
+
+%package -n %{main_pkg}
+%if 0%{?for_el7}
+Summary: %{sum}
+Requires: python-stem
+Requires: PyYAML
+%if 0%{?for_el7}
+Requires: python-setuptools
+%else
+Requires: python2-setuptools
+%endif
+Requires: python2-crypto
+Requires: python2-future
+Requires: python-setproctitle
+%{?python_provide:%python_provide python2-%{pkgname}}
+%else
+Summary: %{sum}
+Requires: python3-stem
+Requires: python3-PyYAML
+Requires: python3-setuptools
+Requires: python3-crypto
+Requires: python3-future
+Requires: python3-setproctitle
+%{?python_provide:%python_provide python3-%{pkgname}}
+%endif
+Requires: tor
+Requires: logrotate
+Requires(pre): shadow-utils
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+
+%description -n %{main_pkg}
+OnionBalance provides load-balancing and redundancy for Tor
+onion services by distributing requests to multiple back-end
+Tor instances.
+This package contains systemd files as well as logrotate rules.
+
+%prep
+%autosetup -n %{pkgname}-%{version}
+
+%build
+find . -name '*.pyc' -delete
+%if 0%{?for_el7}
+%py2_build
+%else
+%py3_build
+%endif
+%if 0%{?with_docs}
+# restore conf that is missing in egg
+cp %{SOURCE4} docs/conf.py
+PYTHONPATH=. sphinx-build -N -v -v -v -v -E -bhtml docs/ docs/_build/html
+PYTHONPATH=. sphinx-build -N -E -bman docs docs/_build/man
+# Fix hidden-file-or-dir warnings
+rm -rf docs/_build/html/.doctrees docs/_build/html/.buildinfo
+%endif
+
+%install
+%if 0%{?for_el7}
+%py2_install
+%else
+%py3_install
+%endif
+
+%if 0%{?for_el7}
+# EL7 isn't yet that new, but given it's only a little change btw. 3.11 & 3.10
+# it's fine to downgrade that requirement
+sed -i 's/PyYAML>=3.11/PyYAML>=3.10/' %{buildroot}/%{python2_sitelib}/*.egg-info/requires.txt
+%endif
+
+install -d %{buildroot}/etc/logrotate.d
+install -d %{buildroot}/%{_sysconfdir}/%{pkgname}
+install -d %{buildroot}/%{_localstatedir}/log/%{pkgname}
+install -d %{buildroot}/%{_localstatedir}/lib/%{pkgname}
+install -d -m 755 %{buildroot}/%{_unitdir}
+install -d -m 755 %{buildroot}/%{_tmpfilesdir}
+
+install -p -m 644 %{SOURCE1} %{buildroot}/%{_unitdir}/%{pkgname}.service
+install -p -m 644 %{SOURCE2} %{buildroot}/%{_tmpfilesdir}/%{pkgname}.conf
+install -p -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/logrotate.d/%{pkgname}.conf
+%if 0%{?with_docs}
+install -d -m 755 %{buildroot}/%{_mandir}/man1
+cp docs/_build/man/%{pkgname}* %{buildroot}/%{_mandir}/man1/
+%endif
+
+install -p -m 644 %{SOURCE5} .
+install -p -m 644 %{SOURCE6} .
+
+%check
+# on some versions test libs are too old to run
+%if 0%{?with_test}
+py.test-3 --ignore=test/functional
+%endif
+
+%pre -n %{main_pkg}
+getent passwd %{pkgname} >/dev/null || \
+ useradd -r -g %{toruser} -d %{_localstatedir}/lib/%{pkgname} -s /sbin/nologin \
+ -c "%{pkgname} daemon user" %{pkgname}
+exit 0
+
+%post -n %{main_pkg}
+%systemd_post onionbalance.service
+
+%preun -n %{main_pkg}
+%systemd_preun onionbalance.service
+
+%postun -n %{main_pkg}
+%systemd_postun_with_restart onionbalance.service
+
+%files -n %{main_pkg}
+%doc README.rst
+%doc README.fedora
+%doc onionbalance.torrc.example
+%license COPYING
+%if 0%{?with_docs}
+%doc docs/_build/html
+%doc %attr(0644,root,root) %{_mandir}/man1/%{pkgname}*
+%endif
+%if 0%{?for_el7}
+%{python2_sitelib}/*
+%else
+%{python3_sitelib}/*
+%endif
+%{_bindir}/%{pkgname}
+%{_bindir}/%{pkgname}-config
+%{_unitdir}/%{pkgname}.service
+%{_tmpfilesdir}/%{pkgname}.conf
+%dir %attr(0750,root,%{toruser}) %{_sysconfdir}/%{pkgname}
+%dir %attr(0750,%{pkgname},%{toruser}) %{_localstatedir}/log/%{pkgname}
+%dir %attr(0750,%{pkgname},%{toruser}) %{_localstatedir}/lib/%{pkgname}
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{pkgname}.conf
+
+%changelog
+* Fri Jan 20 2017 Marcel Haerry - 0.1.6-1
+ initial release
diff --git a/sources b/sources
index e69de29..f8a25be 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (onionbalance-0.1.6.tar.gz) = ed1cbbfdd4f44798b017b8887a81a7b80e6b20e7c454de9957f62dc24ffe9df328131b19d9f1cc071293c10c9cc511f7a6f1777913c9d520979ddc3b9aa4cece
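Review bot: The `%pre` scriptlet runs `useradd -r -g %{toruser}` but the package declares only `Requires(pre): shadow-utils`, so nothing guarantees that tor, which presumably creates the `toranon` group, is installed before the scriptlet runs. If the group is missing, useradd fails, the trailing `exit 0` hides the failure, and the `%attr(0750,%{pkgname},%{toruser})` directories are then installed without their intended owner. Adding `Requires(pre): tor`, optionally with a `getent group %{toruser}` check before the useradd, would fix the ordering. Also, under `%package -n %{main_pkg}` the inner `%if 0%{?for_el7}` sits inside an identical outer condition, so its `%else` branch with `Requires: python2-setuptools` can never be selected.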