From ed316bf33b23c4cdc10cee85fd9f559bf6120c34 Mon Sep 17 00:00:00 2001 From: Robin Schneider Date: Sun, 29 Mar 2015 15:02:04 +0200 Subject: [PATCH 1/2] Updated to tor 0.2.5.11 and switched to Debian jessie. Closes #8. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Debian is the recommended base image for Docker. See https://docs.docker.com/articles/dockerfile_best-practices/#from * Changed volume of tor home dir to the default one /var/lib/tor. Note that when I do `docker rm … && docker run …` docker will not use the previously used volume but instead create a new container resulting in a new private key being generated. I use `docker run -v /srv/tor:/var/lib/tor` for persistent storage. * https://www.torproject.org/docs/debian.html.en * apt automatically checks packages with GPG. Related to #8. * Using apt_preferences to ensure that packages from deb.torproject.org are preferred. Without this, all packages are installed from the Debian repository. See `man apt_preferences`. * One could also run tor inside the Docker container as debian-tor user. But note that the UID of debian-tor might be mapped to a different user outside of the container resulting in read+write access for this user to the private key. --- Dockerfile | 30 +++++++++++++++++------------- apt-pinning | 3 +++ torrc | 2 ++ 3 files changed, 22 insertions(+), 13 deletions(-) create mode 100644 apt-pinning diff --git a/Dockerfile b/Dockerfile index 5415e1a..eb88e1d 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,27 +1,31 @@ -FROM ubuntu +FROM debian:jessie + MAINTAINER "Patrick O'Doherty " EXPOSE 9001 -ENV VERSION 0.2.5.10 +ENV DEBIAN_FRONTEND noninteractive +ADD apt-pinning /etc/apt/preferences.d/pinning +RUN echo 'deb http://deb.torproject.org/torproject.org jessie main' > /etc/apt/sources.list.d/tor.list && \ + gpg --keyserver keys.gnupg.net --recv 886DDD89 && \ + gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - RUN apt-get update && apt-get install -y \ - build-essential \ - curl \ - libevent-dev \ - libssl-dev + deb.torproject.org-keyring \ + obfsproxy \ + openssl \ + tor -RUN curl https://dist.torproject.org/tor-${VERSION}.tar.gz | tar xz -C /tmp +# tor-arm does not work in Docker container: +# _curses.error: setupterm: could not find terminal +# Install outside of the Docker container if required. -RUN cd /tmp/tor-${VERSION} && ./configure -RUN cd /tmp/tor-${VERSION} && make -RUN cd /tmp/tor-${VERSION} && make install +WORKDIR /var/lib/tor ADD ./torrc /etc/torrc # Allow you to upgrade your relay without having to regenerate keys -VOLUME /.tor - +VOLUME /var/lib/tor # Generate a random nickname for the relay RUN echo "Nickname docker$(head -c 16 /dev/urandom | sha1sum | cut -c1-10)" >> /etc/torrc -CMD /usr/local/bin/tor -f /etc/torrc +CMD /usr/bin/tor -f /etc/torrc diff --git a/apt-pinning b/apt-pinning new file mode 100644 index 0000000..b5cf308 --- /dev/null +++ b/apt-pinning @@ -0,0 +1,3 @@ +Package: * +Pin: origin "deb.torproject.org" +Pin-Priority: 800 diff --git a/torrc b/torrc index a0dffb9..2ea06c2 100644 --- a/torrc +++ b/torrc @@ -1,4 +1,6 @@ Log notice stdout ExitPolicy reject *:* +# User debian-tor +DataDirectory /var/lib/tor ORPort 9001 From d46ed1479a62be1c801d28071bb3cbdc39487ef5 Mon Sep 17 00:00:00 2001 
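Review bot: In the Dockerfile hunk, `gpg --keyserver keys.gnupg.net --recv 886DDD89` requests the repository signing key by its 32-bit short ID, which is not unique, and the command specifies no transport security for the keyserver. The following `gpg --export` does select by the full fingerprint, so a look-alike key should not reach `apt-key`. But the pipeline's exit status is that of `apt-key add -` alone, so a failed or empty export may pass this step unnoticed. I would fetch by the fingerprint the next line already uses: `gpg --keyserver keys.gnupg.net --recv-keys A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 && \`. Separately, `ENV DEBIAN_FRONTEND noninteractive` persists into the running container; setting it inline on the `apt-get` command keeps it build-only.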
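Review bot: In the new apt-pinning file, `Package: *` at `Pin-Priority: 800` makes every package published by the deb.torproject.org origin outrank Debian's own (default priority 500), not only tor. That widens what the third-party repository and its signing key are trusted for, since any package name it ships would be preferred over the Debian build. Consider limiting the pin to the packages that are meant to come from there, e.g. `Package: tor deb.torproject.org-keyring`, and add further names only after confirming the repository actually carries them.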
From: Robin Schneider Date: Fri, 1 May 2015 21:36:11 +0200 Subject: [PATCH 2/2] Migrate to default directory structure. Related to https://github.com/patrickod/docker-tor/pull/9. --- Dockerfile | 7 ++++++- bootstrap.sh | 12 ++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 bootstrap.sh diff --git a/Dockerfile b/Dockerfile index eb88e1d..08e87e7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,7 +25,12 @@ ADD ./torrc /etc/torrc # Allow you to upgrade your relay without having to regenerate keys VOLUME /var/lib/tor +VOLUME /.tor +# Legacy … can be removed when all users have updated and run the new container once. + # Generate a random nickname for the relay RUN echo "Nickname docker$(head -c 16 /dev/urandom | sha1sum | cut -c1-10)" >> /etc/torrc +ADD bootstrap.sh /usr/bin/ +RUN chmod +x /usr/bin/bootstrap.sh -CMD /usr/bin/tor -f /etc/torrc +CMD /usr/bin/bootstrap.sh diff --git a/bootstrap.sh b/bootstrap.sh new file mode 100644 index 0000000..ca71b79 --- /dev/null +++ b/bootstrap.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +if [ -d "/root/.tor" ]; then + echo "Clean up legacy stuff." + mv /root/.tor/* /var/lib/tor + rmdir "/root/.tor" +fi + +chown root:root /var/lib/tor -R +chmod a=,u=rwX /var/lib/tor -R + +/usr/bin/tor -f /etc/torrc
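Review bot: The legacy volume declared in this Dockerfile hunk is `/.tor`, while the bootstrap.sh added by the same patch only tests for `/root/.tor`. Nothing visible in this change therefore appears to migrate data from a `/.tor` volume into /var/lib/tor. If `/.tor` is where older containers kept their keys, the script should check that path (or both); if not, the `VOLUME /.tor` line looks unnecessary. Also, `CMD /usr/bin/bootstrap.sh` is shell form; `CMD ["/usr/bin/bootstrap.sh"]` avoids the extra `/bin/sh -c` wrapper in front of the script.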
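Review bot: bootstrap.sh ends by starting tor as a child process (`/usr/bin/tor -f /etc/torrc`) instead of replacing the shell. The stop signal delivered to the container's first process is then not passed on to tor, so the relay is likely killed at the timeout rather than shut down cleanly; `exec /usr/bin/tor -f /etc/torrc` fixes that. The migration block also has no error handling: `mv /root/.tor/* /var/lib/tor` skips dotfiles and fails on an empty directory, and the script carries on to `chown`/`chmod` and start tor regardless. Adding `set -e` after the shebang, or testing the `mv` result before `rmdir`, would make a half-finished key migration visible; otherwise tor presumably starts with a fresh identity.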