This script builds a statically linked Tor instance on CentOS 8.
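#!/bin/bash
#
# Build a statically linked Tor on CentOS 8 from source.
#
# Steps: install the build packages with yum, build and install an LLVM/clang
# toolchain, then build zlib, libevent and OpenSSL into ${PREFIX}/<name> and
# configure Tor against those static libraries. A systemd unit for Tor is
# written, and on request the build-only packages and the intermediate
# libraries are removed again (yum history rollback).
#
# Usage:         bash build-static-tor.sh
# Requires:      sudo rights, network access, plenty of disk and a long
#                time (LLVM is compiled and tested from source).
# Env overrides: PREFIX, BUILD_DIR, JOBS (parallel make jobs, default 4),
#                TOR_WITH_FUZZ (1 = add the libfuzzer/oss-fuzz configure
#                flags, which is the default; 0 = plain build).
#
# NOTE(review): every tarball is fetched over HTTPS but neither a checksum
# nor a release signature is verified before it is unpacked, built and
# installed as root. The projects publish signatures for their releases;
# checking them in fetch() would be the obvious next hardening step.

set -euo pipefail
umask 0022

readonly PREFIX="${PREFIX:-/opt}"
BUILD_DIR="${BUILD_DIR:-$HOME/build}"
readonly BUILD_DIR
readonly LLVM_VERSION="10.0.0"
readonly LLVM_FILE="llvmorg-${LLVM_VERSION}"
readonly LLVM_DIR="llvm-project-${LLVM_FILE}"
readonly OPENSSL_VERSION="1_1_1g"
readonly OPENSSL_FILE="OpenSSL_${OPENSSL_VERSION}"
readonly OPENSSL_DIR="openssl-OpenSSL_${OPENSSL_VERSION}"
readonly TOR_VERSION="0.4.3.5"
readonly TOR_DIR="tor-${TOR_VERSION}"
readonly TOR_USERGROUP="toranon"
readonly LIBEVENT_VERSION="2.1.11-stable"
readonly LIBEVENT_DIR="libevent-${LIBEVENT_VERSION}"
readonly ZLIB_VERSION="1.2.11"
readonly ZLIB_DIR="zlib-${ZLIB_VERSION}"
readonly TOR_WITH_FUZZ="${TOR_WITH_FUZZ:-1}"
readonly JOBS="${JOBS:-4}"

#######################################
# Print an error to stderr and exit.
# Arguments: message words
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Print a warning to stderr and continue.
# Arguments: message words
#######################################
warn() {
  printf 'warning: %s\n' "$*" >&2
}

#######################################
# Download a URL into a file in the current directory. An already present
# file is reused so a re-run does not re-download (or create wget's
# "file.1" duplicates). A partial file from a failed download is removed.
# Arguments: $1 - URL, $2 - target file name
#######################################
fetch() {
  local url=$1 file=$2
  if [[ -e "${file}" ]]; then
    warn "${file} already present, not downloading it again"
    return 0
  fi
  if ! wget -O "${file}" -- "${url}"; then
    rm -f -- "${file}"
    die "download of ${url} failed"
  fi
}

#######################################
# Install the distribution packages needed for the build and record the
# yum transaction id of the build-tool install in yum-history.id so it can
# be rolled back at the end.
# Globals:  writes yum-history.before / yum-history.after / yum-history.id
#           in the current directory
#######################################
install_build_deps() {
  sudo yum -y install wget screen mlocate htop yum-utils epel-release
  sudo yum -y update
  sudo yum-config-manager --enable PowerTools
  sudo yum history > yum-history.before
  sudo yum -y install cmake libatomic gdb python36 python3-psutil libstdc++-static gcc gcc-c++ kernel-devel \
    perl-Module-Load-Conditional perl-core perl-Test-Harness systemd-devel glibc rsync
  sudo yum history > yum-history.after
  # diff exits 1 when the files differ, which is the expected outcome here,
  # so its status must not trip set -e / pipefail.
  { diff yum-history.before yum-history.after || true; } \
    | tail -n 1 \
    | sed -n -E 's/^[^\|0-9]*([0-9]+).*/\1/p' > yum-history.id
  # The unversioned libstdc++.so name is expected by the builds below;
  # create the link only when absent so an existing file is never clobbered.
  if [[ ! -e /usr/lib64/libstdc++.so ]]; then
    sudo ln -s /usr/lib64/libstdc++.so.6 /usr/lib64/libstdc++.so
  fi
}

#######################################
# Derive the yum transaction to roll back to (the one before the build-tool
# install). Prints 0, which disables the rollback, when the id could not
# be parsed.
# Globals:  reads yum-history.id in the current directory
# Outputs:  the rollback transaction id on stdout
#######################################
compute_rollback_id() {
  local transaction_id=""
  if [[ -r yum-history.id ]]; then
    transaction_id=$(<yum-history.id)
  fi
  if [[ "${transaction_id}" =~ ^[0-9]+$ ]] && (( transaction_id > 1 )); then
    printf '%s\n' "$(( transaction_id - 1 ))"
  else
    warn "could not determine the yum transaction id; automatic rollback is disabled"
    printf '0\n'
  fi
}

#######################################
# Fetch, build, test and install the LLVM/clang toolchain.
# Globals: BUILD_DIR, LLVM_FILE, LLVM_DIR, JOBS
#######################################
build_llvm() {
  cd "${BUILD_DIR}"
  fetch "https://github.com/llvm/llvm-project/archive/${LLVM_FILE}.tar.gz" "${LLVM_FILE}.tar.gz"
  tar xzf "${LLVM_FILE}.tar.gz"
  mkdir -p "${BUILD_DIR}/${LLVM_DIR}/build"
  # The original had `cd mkdir <dir>`, which fails and left cmake running
  # in the source tree instead of the build directory.
  cd "${BUILD_DIR}/${LLVM_DIR}/build"
  cmake -G 'Unix Makefiles' \
    -DLLVM_ENABLE_PROJECTS='clang;clang-tools-extra;libcxx;libcxxabi;lldb;compiler-rt;lld;debuginfo-tests' \
    -DCMAKE_BUILD_TYPE=Release ../llvm
  make -j"${JOBS}"
  # The test suite stays best-effort, as it was without set -e.
  make check-all -j"${JOBS}" || warn "LLVM check-all reported failures; continuing"
  sudo make install
}

#######################################
# Download and unpack zlib, libevent, OpenSSL and Tor into BUILD_DIR.
# Globals: BUILD_DIR, ZLIB_DIR, LIBEVENT_VERSION, LIBEVENT_DIR,
#          OPENSSL_FILE, TOR_DIR
#######################################
fetch_sources() {
  cd "${BUILD_DIR}"
  fetch "https://www.zlib.net/${ZLIB_DIR}.tar.gz" "${ZLIB_DIR}.tar.gz"
  fetch "https://github.com/libevent/libevent/releases/download/release-${LIBEVENT_VERSION}/${LIBEVENT_DIR}.tar.gz" \
    "${LIBEVENT_DIR}.tar.gz"
  fetch "https://github.com/openssl/openssl/archive/${OPENSSL_FILE}.tar.gz" "${OPENSSL_FILE}.tar.gz"
  fetch "https://dist.torproject.org/${TOR_DIR}.tar.gz" "${TOR_DIR}.tar.gz"
  tar xzf "${ZLIB_DIR}.tar.gz"
  tar xzf "${LIBEVENT_DIR}.tar.gz"
  tar xzf "${OPENSSL_FILE}.tar.gz"
  tar xzf "${TOR_DIR}.tar.gz"
}

#######################################
# Build a static, PIC zlib into ${PREFIX}/${ZLIB_DIR}.
#######################################
build_zlib() {
  cd "${BUILD_DIR}/${ZLIB_DIR}"
  CFLAGS='-mstackrealign -fPIC' ./configure --static --prefix="${PREFIX}/${ZLIB_DIR}"
  make -j"${JOBS}"
  make test || warn "zlib tests reported failures; continuing"
  sudo make install
}

#######################################
# Build a static, PIC libevent into ${PREFIX}/${LIBEVENT_DIR}.
#######################################
build_libevent() {
  cd "${BUILD_DIR}/${LIBEVENT_DIR}"
  ./configure --disable-shared --enable-function-sections --enable-static --with-pic \
    --prefix="${PREFIX}/${LIBEVENT_DIR}"
  make -j"${JOBS}"
  make verify || warn "libevent verify reported failures; continuing"
  sudo make install
}

#######################################
# Build OpenSSL against the zlib built above into ${PREFIX}/${OPENSSL_DIR}.
#######################################
build_openssl() {
  cd "${BUILD_DIR}/${OPENSSL_DIR}"
  ./config zlib-dynamic \
    --with-zlib-include="${PREFIX}/${ZLIB_DIR}/include" \
    --with-zlib-lib="${PREFIX}/${ZLIB_DIR}/lib" \
    --prefix="${PREFIX}/${OPENSSL_DIR}" \
    --openssldir="${PREFIX}/${OPENSSL_DIR}" \
    -fPIC enable-ec_nistp_64_gcc_128 enable-tls1_3
  make -j"${JOBS}"
  make test || warn "OpenSSL tests reported failures; continuing"
  sudo make install
}

#######################################
# Create the unprivileged Tor system account if it does not exist yet.
# Globals: TOR_USERGROUP
#######################################
create_tor_user() {
  if ! id -u "${TOR_USERGROUP}" >/dev/null 2>&1; then
    sudo useradd --system -c "Tor anonymizing user" -d /var/lib/tor -M -U -s /sbin/nologin "${TOR_USERGROUP}"
  fi
}

#######################################
# Configure Tor statically against the libraries above and install it
# under /usr. TOR_WITH_FUZZ=1 adds the libfuzzer/oss-fuzz flags.
#######################################
build_tor() {
  local -a fuzz_opts=()
  if [[ "${TOR_WITH_FUZZ}" == "1" ]]; then
    fuzz_opts=(--enable-libfuzzer --enable-oss-fuzz)
  fi
  cd "${BUILD_DIR}/${TOR_DIR}"
  ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/var/lib/tor \
    --sysconfdir=/etc --localstatedir=/var/lib \
    --enable-static-tor --enable-static-openssl --enable-static-libevent --enable-static-zlib \
    --enable-systemd --enable-coverage \
    ${fuzz_opts[@]+"${fuzz_opts[@]}"} \
    --with-libevent-dir="${PREFIX}/${LIBEVENT_DIR}" \
    --with-zlib-dir="${PREFIX}/${ZLIB_DIR}" \
    --with-openssl-dir="${PREFIX}/${OPENSSL_DIR}" \
    --with-tor-user="${TOR_USERGROUP}" --with-tor-group="${TOR_USERGROUP}"
  make -j"${JOBS}"
  make test || warn "Tor tests reported failures; continuing"
  sudo make install
}

#######################################
# Create the Tor state and log directories owned by the Tor account.
#######################################
install_tor_runtime_dirs() {
  sudo mkdir -p /var/lib/tor /var/log/tor
  if command -v restorecon >/dev/null 2>&1; then
    sudo restorecon -v -R /var/lib/tor /var/log/tor
  fi
  # The directories were created by root, so changing their owner needs
  # root as well (the original ran chown unprivileged and it failed).
  sudo chown -R "${TOR_USERGROUP}:${TOR_USERGROUP}" /var/lib/tor /var/log/tor
}

#######################################
# Write the systemd unit for Tor.
#######################################
install_systemd_unit() {
  local unit=/usr/lib/systemd/system/tor.service
  sudo rm -f -- "${unit}"
  # NOTE(review): the unit sets no User=/Group=; dropping privileges to
  # ${TOR_USERGROUP} therefore depends on a `User` line in /etc/tor/torrc,
  # which this script does not write - confirm before deploying.
  # The delimiter is quoted so ${MAINPID} reaches systemd literally; an
  # unquoted heredoc expanded it to nothing and broke ExecReload.
  sudo tee "${unit}" > /dev/null <<'EOT'
[Unit]
Description=Anonymizing overlay network for TCP
After=syslog.target network.target nss-lookup.target
[Service]
Type=simple
ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
ExecStart=/usr/bin/tor -f /etc/tor/torrc
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT
TimeoutSec=30
Restart=on-failure
RestartSec=1
LimitNOFILE=32768
# Hardening
PrivateTmp=yes
DeviceAllow=/dev/null rw
DeviceAllow=/dev/urandom r
InaccessibleDirectories=/home
InaccessibleDirectories=/root
InaccessibleDirectories=/run/user
ReadOnlyDirectories=/boot
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/run
ReadOnlyDirectories=/var
ReadWriteDirectories=/run/tor
ReadWriteDirectories=/var/lib/tor
ReadWriteDirectories=/var/log/tor
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH
PermissionsStartOnly=yes
[Install]
WantedBy = multi-user.target
EOT
}

#######################################
# Uninstall the intermediate libraries (Tor is linked statically against
# them) and roll yum back to the state before the build tools were added.
# Arguments: $1 - yum transaction id to roll back to; 0 skips the rollback
#######################################
remove_build_artifacts() {
  local rollback_id=$1
  local dir
  for dir in "${OPENSSL_DIR}" "${LIBEVENT_DIR}" "${ZLIB_DIR}"; do
    cd "${BUILD_DIR}/${dir}"
    sudo make uninstall
    make clean
    sudo rm -Rf -- "${PREFIX:?}/${dir}"
  done
  if (( rollback_id > 0 )); then
    sudo yum -y history rollback "${rollback_id}"
  fi
}

main() {
  local rollback_id
  mkdir -p "${BUILD_DIR}"
  cd "${BUILD_DIR}"
  install_build_deps
  rollback_id=$(compute_rollback_id)
  build_llvm
  # Everything after the toolchain is built with the freshly installed clang.
  export CC=clang
  export CXX=clang++
  fetch_sources
  build_zlib
  build_libevent
  build_openssl
  create_tor_user
  build_tor
  install_tor_runtime_dirs
  install_systemd_unit
  printf '%s\n' "Installation script has completed. If you wish to remove the extra build tools committed at the beginning, press ENTER."
  printf '%s\n' "Otherwise, press CTRL+C to exit."
  # EOF on stdin (non-interactive run) falls through to the cleanup, as before.
  read -r -p "Press enter to continue . . ." _ || true
  remove_build_artifacts "${rollback_id}"
}

main "$@"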