author | Nick Mathewson <nickm@torproject.org> | 2014-04-28 11:34:53 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2014-04-28 11:34:53 -0400 |
commit | 9230bc7c65cec68c66fa9c75751d6c6bd600e9fc (patch) | |
tree | b9c2fe09bca52107a1595be0099bbc580dd39b19 /contrib/dirauth-tools | |
parent | 78b431d3e30def3641f25707197c55a1c7200269 (diff) | |
Clean the contrib directory with torch and machete.
We've accumulated a lot of cruft in this directory over the years: so
much, that it passed the point of being so disorganized that we no
longer browsed through it to see how bad it had gotten.
This patch (based on changes by rl1987) tries to remove the most
useless items, and split the others into reasonable directories. It
creates a new scripts/ directory for maint and test scripts.
This patch was generated with the script below. No other changes are made in
this patch.
#############
# new directories
mkdir -p contrib/test-tools
mkdir -p contrib/or-tools
mkdir -p contrib/dirauth-tools
mkdir -p contrib/operator-tools
mkdir -p contrib/client-tools
mkdir -p contrib/test-tools
mkdir -p contrib/dist
mkdir -p contrib/dist/suse
mkdir -p contrib/win32build
mkdir -p scripts/maint
mkdir -p scripts/test
############
# Deleted -- nobody who wants this is going to be looking for it here any
# longer. Also, nobody wants it.
git rm contrib/auto-naming/README
# Deleted: We no longer do polipo.
git rm contrib/polipo/Makefile.mingw
git rm contrib/polipo/README
git rm contrib/polipo/polipo-mingw.nsi
# We haven't even tried to run this for ages. It is a relic of a bygone era
git rm contrib/mdd.py
# contrib/dir-tools/directory-archive/
# Tools for running a directory archive. No longer used - deleting them.
git rm contrib/directory-archive/crontab.sample
git rm contrib/directory-archive/fetch-all
git rm contrib/directory-archive/fetch-all-v3
git rm contrib/directory-archive/tar-them-up
git rm contrib/directory-archive/fetch-all-functions
git rm contrib/directory-archive/sort-into-month-folder
# This appears to be related to very old windows packaging stuff.
git rm contrib/bundle.nsi
git rm contrib/package_nsis-weasel.sh
git rm contrib/package_nsis.sh
git rm contrib/netinst.nsi
git rm contrib/torinst32.ico
git rm contrib/xenobite.ico
# This should not be needed for cross-compilation any more, should it?
git rm contrib/cross.sh
# I don't think anyone ever used this.
git rm contrib/make-signature.sh
# These are attempts to send tor controller commands from the command-line.
# They don't support modern authentication.
git rm contrib/tor-ctrl.sh
# this is for fetching about a tor server from a dirauth. But it
# doesn't authenticate the dirauth: yuck.
git rm contrib/sd
# wow, such unused, very perl4.
git rm contrib/tor-stress
####### contrib/dirauth-tools/
# Tools for running a directory authority
git mv contrib/add-tor contrib/dirauth-tools/
git mv contrib/nagios-check-tor-authority-cert contrib/dirauth-tools/
#######
# contrib/or-tools/
# Tools for examining relays
git mv contrib/check-tor contrib/or-tools/check-tor
git mv contrib/checksocks.pl contrib/or-tools/checksocks.pl
git mv contrib/exitlist contrib/or-tools/exitlist
#######
# contrib/operator-tools
# Tools for running a relay.
git mv contrib/linux-tor-prio.sh contrib/operator-tools/linux-tor-prio.sh
git mv contrib/tor-exit-notice.html contrib/operator-tools/tor-exit-notice.html
git mv contrib/tor.logrotate.in contrib/operator-tools/
######
# contrib/dist
git mv contrib/rc.subr contrib/dist/
git mv contrib/tor.sh.in contrib/dist/
git mv contrib/torctl.in contrib/dist/
git mv contrib/suse/* contrib/dist/suse/
######
# client-tools
git mv contrib/torify contrib/client-tools/torify
git mv contrib/tor-resolve.py contrib/client-tools/
######
# win32build
git mv contrib/package_nsis-mingw.sh contrib/win32build/
git mv contrib/tor.nsi.in contrib/win32build/
# Erinn didn't ask for this...
git mv contrib/tor-mingw.nsi.in contrib/win32build/
git mv contrib/tor.ico contrib/win32build/
######
# scripts/test
git mv contrib/cov-blame scripts/test/cov-blame
git mv contrib/cov-diff scripts/test/cov-diff
git mv contrib/coverage scripts/test/coverage
git mv contrib/scan-build.sh scripts/test/
######## scripts/maint
# Maintenance scripts
#
# These are scripts for developers to use when hacking on Tor. They mostly
# look at the Tor source in one way or another.
git mv contrib/findMergedChanges.pl scripts/maint/findMergedChanges.pl
git mv contrib/checkOptionDocs.pl scripts/maint/checkOptionDocs.pl
git mv contrib/checkSpace.pl scripts/maint/checkSpace.pl
git mv contrib/redox.py scripts/maint/redox.py
git mv contrib/updateVersions.pl scripts/maint/updateVersions.pl
git mv contrib/checkLogs.pl scripts/maint/checkLogs.pl
git mv contrib/format_changelog.py scripts/maint/
Diffstat (limited to 'contrib/dirauth-tools')
-rwxr-xr-x | contrib/dirauth-tools/add-tor | 115 | ||||
-rwxr-xr-x | contrib/dirauth-tools/nagios-check-tor-authority-cert | 86 |
2 files changed, 201 insertions, 0 deletions
diff --git a/contrib/dirauth-tools/add-tor b/contrib/dirauth-tools/add-tor
new file mode 100755
index 0000000000..5a12abca80
--- /dev/null
+++ b/contrib/dirauth-tools/add-tor
@@ -0,0 +1,115 @@
+#!/usr/bin/ruby
+
+# add-tor - Add a tor fingerprint line to the approved-routers file
+#
+# Tor's approved-routers file is expected to be versioned using RCS.
+# This script checks for uncommitted changes, does a checkout of the
+# file, adds the new fingerprint with a comment stating the server's
+# operator, and commits the file to RCS again (using -u so that the
+# working copy is not removed.
+#
+# Operator and fingerprint line are read from stdin.
+#
+# Before adding a fingerprint line, approved-routers is checked for
+# rough syntactical correctness. This script also checks that the
+# nickname and fingerprint to be added do not already exist in the
+# binding list.
+
+
+# Copyright (c) 2006 by Peter Palfrader
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+BINDING = '/etc/tor/approved-routers'
+
+def mysys(cmd)
+ unless system(cmd)
+ STDERR.puts "ERROR: #{cmd} failed"
+ exit 1
+ end
+end
+
+def check_nick(n)
+ n =~ /^[a-zA-Z0-9]+$/
+end
+
+def check_fpr(fpr)
+ fpr =~ /^([0-9A-F]{4} ){9}[0-9A-F]{4}$/
+end
+
+def parse_fprline(fprline)
+ n = fprline[0 ... fprline.index(' ')]
+ f = fprline[fprline.index(' ') + 1 .. -1 ]
+ unless check_nick(n) and check_fpr(f)
+ STDERR.puts "Invalid fpr syntax '#{fprline}'"
+ exit 1
+ end
+ [n, f]
+end
+
+
+
+unless system("rcsdiff -q -u #{BINDING}")
+ STDERR.puts "Uncommitted changes in #{BINDING}. Aborting."
+ exit 1
+end
+
+puts "Checking out #{BINDING}..."
+mysys("co -l #{BINDING}")
+
+print "Operator: "
+@operator = readline.chop
+unless @operator.index('@')
+ STDERR.puts "ERROR: No @ found"
+ exit 1
+end
+
+print "FPR Line: "
+@fprline = readline.chop
+(@nickname, @fpr) = parse_fprline(@fprline)
+
+binding = File.new(BINDING, "r+")
+binding.readlines.each do |line|
+ line.chop!
+ next if line[0..0] == "#"
+ (n,f) = parse_fprline(line)
+ if (n == @nickname)
+ STDERR.puts
+ STDERR.puts "ERROR: Nickname #{n} already exists in #{BINDING} (fpr: #{f})"
+ exit 1
+ end
+ if (f == @fpr)
+ STDERR.puts
+ STDERR.puts "ERROR: Fpr #{f} already exists in #{BINDING} (nickname: #{n})"
+ exit 1
+ end
+end
+
+puts
+puts '| # ' + @operator
+puts '| ' + @fprline
+puts
+
+binding.puts '# '+@operator
+binding.puts @fprline
+binding.close
+
+puts "Committing #{BINDING}..."
+mysys("ci -u -m'Add #{@nickname}' #{BINDING}")
diff --git a/contrib/dirauth-tools/nagios-check-tor-authority-cert b/contrib/dirauth-tools/nagios-check-tor-authority-cert
new file mode 100755
index 0000000000..46dc7284b7
--- /dev/null
+++ b/contrib/dirauth-tools/nagios-check-tor-authority-cert
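Review bot: In contrib/dirauth-tools/add-tor, every `exit 1` reached after `mysys("co -l #{BINDING}")` (the missing-`@` check, `parse_fprline` rejecting a line, and the duplicate nickname/fingerprint checks) leaves approved-routers checked out with the lock held, so a failed run presumably has to be cleaned up by hand before the next one. Reading and validating the operator and FPR line and scanning for duplicates before taking the lock, or releasing it from an `ensure`/`at_exit` handler, would avoid that. `parse_fprline` also runs on every non-comment line of the existing file, and a line with no space makes `fprline.index(' ')` return nil, so a blank line presumably ends in an exception rather than the intended "Invalid fpr syntax" message. Separately, `check_nick` and `check_fpr` anchor with `^`/`$`, which match per line in Ruby; `\A` and `\z` state the whole-string intent, e.g. `n =~ /\A[a-zA-Z0-9]+\z/`, which matters because the validated nickname is interpolated into the `ci -u -m'Add #{@nickname}'` command string.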
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+# nagios-check-tor-authority-cert - check certificate expiry time
+
+# A nagios check for Tor v3 directory authorities:
+# - Checks the current certificate expiry time
+#
+# Usage: nagios-check-tor-authority-cert <authority identity fingerprint>
+# e.g.: nagios-check-tor-authority-cert A9AC67E64B200BBF2FA26DF194AC0469E2A948C6
+
+# Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+set -e
+set -u
+
+if [ -z "${1:-}" ]; then
+ echo "Usage: $0 <authority identity fingerprint>" 2>&1
+ exit 3
+fi
+
+identity="$1"
+
+DIRSERVERS=""
+DIRSERVERS="$DIRSERVERS 86.59.21.38:80" # tor26
+DIRSERVERS="$DIRSERVERS 128.31.0.34:9031" # moria1
+DIRSERVERS="$DIRSERVERS 216.224.124.114:9030" # ides
+DIRSERVERS="$DIRSERVERS 80.190.246.100:80" # gabelmoo
+#DIRSERVERS="$DIRSERVERS 140.247.60.64:80" # lefkada
+DIRSERVERS="$DIRSERVERS 194.109.206.212:80" # dizum
+DIRSERVERS="$DIRSERVERS 213.73.91.31:80" # dannenberg
+
+TMPFILE="`tempfile`"
+trap 'rm -f "$TMPFILE"' 0
+
+for dirserver in $DIRSERVERS; do
+ wget -q -O "$TMPFILE" "http://$dirserver/tor/keys/fp/$identity"
+ if [ "$?" = 0 ]; then
+ break
+ else
+ cat /dev/null > "$TMPFILE"
+ continue
+ fi
+done
+
+if ! [ -s "$TMPFILE" ] ; then
+ echo "UNKNOWN: Downloading certificate for $identity failed."
+ exit 3
+fi
+
+expirydate="$(awk '$1=="dir-key-expires" {printf "%s %s", $2, $3}' < "$TMPFILE")"
+expiryunix=$(TZ=UTC date -d "$expirydate" +%s)
+now=$(date +%s)
+
+if [ "$now" -ge "$expiryunix" ]; then
+ echo "CRITICAL: Certificate expired $expirydate (authority $identity)."
+ exit 2
+elif [ "$(( $now + 7*24*60*60 ))" -ge "$expiryunix" ]; then
+ echo "CRITICAL: Certificate expires $expirydate (authority $identity)."
+ exit 2
+elif [ "$(( $now + 30*24*60*60 ))" -ge "$expiryunix" ]; then
+ echo "WARNING: Certificate expires $expirydate (authority $identity)."
+ exit 1
+else
+ echo "OK: Certificate expires $expirydate (authority $identity)."
+ exit 0
+fi |
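Review bot: With `set -e` in effect, the bare `wget -q -O "$TMPFILE" ...` inside the `for dirserver` loop ends the script on the first failed download, so the `"$?" = 0` test and the fallback to the next directory server are never reached and the check exits with wget's status instead of a deliberate Nagios code. Testing the command directly keeps the fallback alive: `if wget -q -O "$TMPFILE" "http://$dirserver/tor/keys/fp/$identity"; then break; fi`. The usage message is written with `2>&1`, which leaves it on stdout; `>&2` is what sends it to stderr. `$identity` goes into the URL unvalidated and the document is fetched over plain HTTP with nothing verified before `dir-key-expires` is trusted, so a guard such as `[[ $identity =~ ^[0-9A-Fa-f]{40}$ ]] || exit 3` and a comment that the result reflects only what the queried server returned would help an operator read an OK correctly. `tempfile` is a Debian-specific helper; `mktemp` is the portable equivalent.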