feat(library): Introduce Tor 0.4.8.13 as library

library/tor/0001-do-not-enforce-directory-permissions.patch

@@ -0,0 +1,76 @@
+diff --git a/src/app/config/config.c b/src/app/config/config.c
+index 102d1bbc04..dc0db3a180 100644
+--- a/src/app/config/config.c
++++ b/src/app/config/config.c
+@@ -1368,17 +1368,17 @@ check_and_create_data_directory(int create,
+                                 char **msg_out)
+ {
+   cpd_check_t cpd_opts = create ? CPD_CREATE : CPD_CHECK;
+-  if (group_readable)
+-      cpd_opts |= CPD_GROUP_READ;
+-  if (check_private_dir(directory,
+-                        cpd_opts,
+-                        owner) < 0) {
+-    tor_asprintf(msg_out,
+-                 "Couldn't %s private data directory \"%s\"",
+-                 create ? "create" : "access",
+-                 directory);
+-    return -1;
+-  }
++  /* if (group_readable) */
++  /*     cpd_opts |= CPD_GROUP_READ; */
++  /* if (check_private_dir(directory, */
++  /*                       cpd_opts, */
++  /*                       owner) < 0) { */
++  /*   tor_asprintf(msg_out, */
++  /*                "Couldn't %s private data directory \"%s\"", */
++  /*                create ? "create" : "access", */
++  /*                directory); */
++  /*   return -1; */
++  /* } */
+
+ #ifndef _WIN32
+   if (group_readable) {
+@@ -1404,11 +1404,11 @@ create_keys_directory(const or_options_t *options)
+   cpd_check_t cpd_opts = CPD_CREATE;
+   if (options->DataDirectoryGroupReadable)
+     cpd_opts |= CPD_GROUP_READ;
+-  if (check_private_dir(options->DataDirectory, cpd_opts, options->User)) {
+-    log_err(LD_OR, "Can't create/check datadirectory %s",
+-            options->DataDirectory);
+-    return -1;
+-  }
++  /* if (check_private_dir(options->DataDirectory, cpd_opts, options->User)) { */
++  /*   log_err(LD_OR, "Can't create/check datadirectory %s", */
++  /*           options->DataDirectory); */
++  /*   return -1; */
++  /* } */
+
+   /* Check the key directory. */
+   if (check_private_dir(options->KeyDirectory, CPD_CREATE, options->User)) {
+@@ -7180,15 +7180,16 @@ options_get_dir_fname2_suffix,(const or_options_t *options,
+ int
+ check_or_create_data_subdir(const char *subdir)
+ {
+-  char *statsdir = get_datadir_fname(subdir);
+-  int return_val = 0;
+-
+-  if (check_private_dir(statsdir, CPD_CREATE, get_options()->User) < 0) {
+-    log_warn(LD_HIST, "Unable to create %s/ directory!", subdir);
+-    return_val = -1;
+-  }
+-  tor_free(statsdir);
+-  return return_val;
++  /* char *statsdir = get_datadir_fname(subdir); */
++  /* int return_val = 0; */
++
++  /* if (check_private_dir(statsdir, CPD_CREATE, get_options()->User) < 0) { */
++  /*   log_warn(LD_HIST, "Unable to create %s/ directory!", subdir); */
++  /*   return_val = -1; */
++  /* } */
++  /* tor_free(statsdir) */
++  /* return return_val; */
++	return 0;
+ }
+
+ /** Create a file named <b>fname</b> with contents <b>str</b> in the

library/tor/Dockerfile

@@ -0,0 +1,59 @@
+FROM debian:stable AS build
+ARG TOR_VERSION="0.4.8.13"
+
+RUN apt update
+RUN apt install -y wget apt-transport-https
+
+RUN apt install -y build-essential libssl-dev ca-certificates libcap-dev libevent-dev libssl-dev liblzma-dev zlib1g-dev libzstd-dev
+
+RUN wget https://www.torproject.org/dist/tor-${TOR_VERSION}.tar.gz
+RUN tar xf tor-${TOR_VERSION}.tar.gz
+
+WORKDIR tor-${TOR_VERSION}
+
+COPY ./0001-do-not-enforce-directory-permissions.patch 0001-do-not-enforce-directory-permissions.patch
+RUN patch -p1 < 0001-do-not-enforce-directory-permissions.patch
+
+RUN CFLAGS="-UHAVE_SYSCTL -UHAVE_FSYNC -U__linux__" \
+    ./configure \
+        --enable-gpl \
+        --enable-lzma \
+        --enable-zstd \
+        --disable-seccomp \
+        --disable-html-manual \
+        --disable-asciidoc \
+        --disable-manpage \
+        --disable-unittests
+
+
+RUN make
+RUN make install
+
+RUN strip /usr/local/bin/tor
+
+WORKDIR /
+
+
+FROM scratch
+
+COPY --from=build /usr/local/bin/tor /usr/local/bin/tor
+COPY ./config/torrc /etc/tor/torrc
+
+COPY ./data /data
+
+COPY --from=build /etc/passwd /etc/passwd
+COPY --from=build /etc/nsswitch.conf /etc/nsswitch.conf
+COPY --from=build /usr/local/share/tor/geoip /usr/local/share/tor/geoip
+
+COPY --from=build /lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
+COPY --from=build /lib/x86_64-linux-gnu/libz.so.1 /lib/x86_64-linux-gnu/libz.so.1
+COPY --from=build /lib/x86_64-linux-gnu/libm.so.6 /lib/x86_64-linux-gnu/libm.so.6
+COPY --from=build /lib/x86_64-linux-gnu/libevent-2.1.so.7 /lib/x86_64-linux-gnu/libevent-2.1.so.7
+COPY --from=build /lib/x86_64-linux-gnu/libssl.so.3 /lib/x86_64-linux-gnu/libssl.so.3
+COPY --from=build /lib/x86_64-linux-gnu/libcrypto.so.3 /lib/x86_64-linux-gnu/libcrypto.so.3
+
+COPY --from=build /lib/x86_64-linux-gnu/libgcc_s.so.1 /lib/x86_64-linux-gnu/libgcc_s.so.1
+COPY --from=build /lib/x86_64-linux-gnu/libcap.so.2 /lib/x86_64-linux-gnu/libcap.so.2
+COPY --from=build /lib/x86_64-linux-gnu/libc.so.6 /lib/x86_64-linux-gnu/libc.so.6
+
+COPY --from=build /etc/ld.so.cache /etc/ld.so.cache

library/tor/Kraftfile

@@ -0,0 +1,145 @@
+spec: v0.6
+
+name: tor
+
+rootfs: ./Dockerfile
+
+cmd: ["/usr/local/bin/tor", "--torrc-file", "/etc/tor/torrc"]
+
+template:
+  source: https://github.com/unikraft/app-elfloader.git
+  version: staging
+
+unikraft:
+  source: https://github.com/unikraft/unikraft.git
+  version: staging
+  kconfig:
+    # Configurations options for app-elfloader
+    # (they can't be part of the template atm)
+    CONFIG_APPELFLOADER_ARCH_PRCTL: 'y'
+    CONFIG_APPELFLOADER_BRK: 'y'
+    CONFIG_APPELFLOADER_CUSTOMAPPNAME: 'y'
+    CONFIG_APPELFLOADER_STACK_NBPAGES: 128
+    CONFIG_APPELFLOADER_VFSEXEC_EXECBIT: 'n'
+    CONFIG_APPELFLOADER_VFSEXEC: 'y'
+    CONFIG_APPELFLOADER_HFS: 'y'
+    CONFIG_APPELFLOADER_HFS_ETCRESOLVCONF: 'y'
+    CONFIG_APPELFLOADER_HFS_ETCHOSTS: 'y'
+    CONFIG_APPELFLOADER_HFS_ETCHOSTNAME: 'y'
+    CONFIG_APPELFLOADER_HFS_REPLACEEXIST: 'y'
+    # Unikraft options
+    CONFIG_HAVE_PAGING_DIRECTMAP: 'y'
+    CONFIG_HAVE_PAGING: 'y'
+    CONFIG_I8042: 'y'
+    CONFIG_LIBDEVFS_AUTOMOUNT: 'y'
+    CONFIG_LIBDEVFS_DEV_NULL: 'y'
+    CONFIG_LIBDEVFS_DEV_STDOUT: 'y'
+    CONFIG_LIBDEVFS_DEV_ZERO: 'y'
+    CONFIG_LIBDEVFS: 'y'
+    CONFIG_LIBPOSIX_ENVIRON_ENVP0: "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    CONFIG_LIBPOSIX_ENVIRON_ENVP1: "LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:/lib"
+    CONFIG_LIBPOSIX_ENVIRON_ENVP2: "HOME=/"
+    CONFIG_LIBPOSIX_ENVIRON: 'y'
+    CONFIG_LIBPOSIX_ENVIRON_LIBPARAM: 'y'
+    CONFIG_LIBPOSIX_ENVIRON_LIBPARAM_MAXCOUNT: '64'
+    CONFIG_LIBPOSIX_EVENTFD: 'y'
+    CONFIG_LIBPOSIX_FDIO: 'y'
+    CONFIG_LIBPOSIX_FDTAB: 'y'
+    CONFIG_LIBPOSIX_FUTEX: 'y'
+    CONFIG_LIBPOSIX_MMAP: 'y'
+    CONFIG_LIBPOSIX_NETLINK: 'y'
+    CONFIG_LIBPOSIX_PIPE: 'y'
+    CONFIG_LIBPOSIX_POLL: 'y'
+    CONFIG_LIBPOSIX_PROCESS_CLONE: 'y'
+    CONFIG_LIBPOSIX_SOCKET: 'y'
+    CONFIG_LIBPOSIX_SYSINFO: 'y'
+    CONFIG_LIBPOSIX_TIME: 'y'
+    CONFIG_LIBPOSIX_TIMERFD: 'y'
+    CONFIG_LIBPOSIX_UNIXSOCKET: 'y'
+    CONFIG_LIBPOSIX_USER_GID: 0
+    CONFIG_LIBPOSIX_USER_GROUPNAME: "root"
+    CONFIG_LIBPOSIX_USER_UID: 0
+    CONFIG_LIBPOSIX_USER_USERNAME: "root"
+    CONFIG_LIBPOSIX_USER: 'y'
+    CONFIG_LIBRAMFS: 'y'
+    CONFIG_LIBSYSCALL_SHIM_HANDLER_ULTLS: 'y'
+    CONFIG_LIBSYSCALL_SHIM_HANDLER: 'y'
+    CONFIG_LIBSYSCALL_SHIM_LEGACY_VERBOSE: 'y'
+    CONFIG_LIBSYSCALL_SHIM: 'y'
+    CONFIG_LIBUKALLOCPOOL: 'y'
+    CONFIG_LIBUKBLKDEV_MAXNBQUEUES: '1'
+    CONFIG_LIBUKBLKDEV_DISPATCHERTHREADS: 'y'
+    CONFIG_LIBUKBLKDEV_SYNC_IO_BLOCKED_WAITING: 'y'
+    CONFIG_LIBUKBLKDEV: 'y'
+    CONFIG_LIBUKBOOT_BANNER_MINIMAL: 'y'
+    CONFIG_LIBUKBOOT_HEAP_BASE: '0x400000000'
+    CONFIG_LIBUKBOOT_MAINTHREAD: 'y'
+    CONFIG_LIBUKBOOT_SHUTDOWNREQ_HANDLER: 'y'
+    CONFIG_LIBUKCPIO: 'y'
+    CONFIG_LIBUKDEBUG_CRASH_SCREEN: 'y'
+    CONFIG_LIBUKDEBUG_ENABLE_ASSERT: 'y'
+    CONFIG_LIBUKDEBUG_PRINT_SRCNAME: 'n'
+    CONFIG_LIBUKDEBUG_PRINT_TIME: 'y'
+    CONFIG_LIBUKDEBUG_PRINTK_ERR: 'y'
+    CONFIG_LIBUKDEBUG_PRINTK: 'y'
+    CONFIG_LIBUKDEBUG: 'y'
+    CONFIG_LIBUKFALLOC: 'y'
+    CONFIG_LIBUKMPI: 'n'
+    CONFIG_LIBUKSIGNAL: 'y'
+    CONFIG_LIBUKRANDOM_DEVFS: 'y'
+    CONFIG_LIBUKRANDOM: 'y'
+    CONFIG_LIBUKRANDOM_GETRANDOM: 'y'
+    CONFIG_LIBUKVMEM_DEFAULT_BASE: '0x0000001000000000'
+    CONFIG_LIBUKVMEM_DEMAND_PAGE_IN_SIZE: 12
+    CONFIG_LIBUKVMEM_PAGEFAULT_HANDLER_PRIO: 4
+    CONFIG_LIBUKVMEM: 'y'
+    CONFIG_LIBVFSCORE_AUTOMOUNT_CI: 'y'
+    CONFIG_LIBVFSCORE_AUTOMOUNT_CI_EINITRD: 'y'
+    CONFIG_LIBVFSCORE_AUTOMOUNT_UP: 'y'
+    CONFIG_LIBVFSCORE_AUTOMOUNT: 'y'
+    CONFIG_LIBVFSCORE_NONLARGEFILE: 'y'
+    CONFIG_LIBVFSCORE: 'y'
+    CONFIG_LIBUK9P: 'y'
+    CONFIG_OPTIMIZE_DEADELIM: 'y'
+    CONFIG_OPTIMIZE_LTO: 'y'
+    CONFIG_PAGING: 'y'
+    CONFIG_STACK_SIZE_PAGE_ORDER: 4 # 128 * 4K = 512K
+    CONFIG_UKPLAT_MEMREGION_MAX_COUNT: 64
+    CONFIG_LIBUKNETDEV_EINFO_LIBPARAM: 'y'
+
+    # Debug options
+    # CONFIG_LIBUKDEBUG_PRINTD: 'y'
+    # CONFIG_LIBUKDEBUG_PRINTK_INFO: 'y'
+    # CONFIG_LIBSYSCALL_SHIM_STRACE: 'y'
+    # CONFIG_LIBSYSCALL_SHIM_DEBUG: 'y'
+
+libraries:
+  lwip:
+    source: https://github.com/unikraft/lib-lwip.git
+    version: staging
+    kconfig:
+      CONFIG_LWIP_LOOPIF: 'y'
+      CONFIG_LWIP_UKNETDEV: 'y'
+      CONFIG_LWIP_LOOPBACK: 'y'
+      CONFIG_LWIP_TCP: 'y'
+      CONFIG_LWIP_UDP: 'y'
+      CONFIG_LWIP_RAW: 'y'
+      CONFIG_LWIP_WND_SCALE: 'y'
+      CONFIG_LWIP_TCP_KEEPALIVE: 'y'
+      CONFIG_LWIP_THREADS: 'y'
+      CONFIG_LWIP_HEAP: 'y'
+      CONFIG_LWIP_SOCKET: 'y'
+      CONFIG_LWIP_AUTOIFACE: 'y'
+      CONFIG_LWIP_IPV4: 'y'
+      CONFIG_LWIP_DHCP: 'y'
+      CONFIG_LWIP_DNS: 'y'
+      CONFIG_LWIP_NUM_TCPCON: 64
+      CONFIG_LWIP_NUM_TCPLISTENERS: 64
+      CONFIG_LWIP_ICMP: 'y'
+  libelf:
+    source: https://github.com/unikraft/lib-libelf.git
+    version: staging
+
+targets:
+- fc/x86_64
+- qemu/x86_64

library/tor/README.md

@@ -0,0 +1,44 @@
+# Tor
+
+[Tor](https://www.torproject.org/)
+
+# Install keys
+
+Do one of the following
+
+## Copy the relay's keys (for existing relays)
+See:
+https://support.torproject.org/relay-operators/#relay-operators_upgrade-or-move
+
+## Generate new keys (for new relays)
+
+```console
+sudo tor -User $(USER) --keygen --DataDirectory data
+```
+
+NOTE: If you want to run a bridge you have to copy the `pt_state` directory too
+
+# Adjust the config
+
+You *must* set
+
+- `Nickname`
+- `ContactInfo`
+- `Address`
+  - Deploy once to find out the domain name or set it in advance
+
+
+# Run it
+
+~ 1GB RAM should suffice, maybe 2GB is better
+
+```
+kraft cloud --metro fra0 deploy -p 443:443 -M 1024M .
+```
+
+Please don't run an exit node :)
+
+# Links
+
+ - [Tor Project](https://support.torproject.org/relay-operators/)
+ - [Relay Operator Guide](https://support.torproject.org/relay-operators)

library/tor/config/torrc

@@ -0,0 +1,12 @@
+SocksPort 0
+RunAsDaemon 0
+
+DataDirectory /data
+
+## Required: what port to advertise for incoming Tor connections.
+ORPort 0.0.0.0:443
+
+Address SETME
+Nickname SETMET
+ContactInfo SETME
+#MyFamily SETME IF APPLICABLE $keyid,$keyid,...

library/tor/data/keys/.gitignore

@@ -0,0 +1,4 @@
+ed25519_master_id_public_key
+ed25519_master_id_secret_key
+ed25519_signing_cert
+ed25519_signing_secret_key

library/tor/data/pt_state/.gitignore

@@ -0,0 +1,5 @@
+# Keep "empty" directory in git
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore

library/tor/data/stats/.gitignore

@@ -0,0 +1,5 @@
+# Keep "empty" directory in git
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore