revise OS X relay instructions

We don't offer the vidalia bundle for OSX any more, therefore the https://www.torproject.org/docs/tor-doc-relay.html.en are wrong for Macs. Best options appear to be TBB open all the time, or homebrew recipes like https://github.com/mtigas/homebrew-tor

added component::webpages/website priority::medium resolution::fixed status::closed type::defect labels

Trac:
Cc: N/A to mo

For "just Tor", pointing at Homebrew should be good enough, right? It does bring the latest stable: https://github.com/mxcl/homebrew/blob/master/Library/Formula/tor.rb

The recipes look easy enough for one of us to handle "maintaining" at least the stable version there, maybe even the alpha?

I guess we should still encourage people to verify the signature. I am not sure how homebrew works and where it keeps the downloaded source.

I have committed a first version of the new instructions for Homebrew (rev 26005). I don't own a Mac, so there are some sections I am unsure about (verification, uninstall, configuration location, sample config), but they should definitely be an improvement over the old useless instructions.

Can someone fill me in on how to configure Tor to run as daemon?

The document also states that at least 20kb/s are a good contribution as a relay. I don't think that's good advice nowadays.

Trac:
Status: new to needs_review

Replying to mo:

I have committed a first version of the new instructions for Homebrew (rev 26005). I don't own a Mac, so there are some sections I am unsure about (verification, uninstall, configuration location, sample config), but they should definitely be an improvement over the old useless instructions.

Can someone fill me in on how to configure Tor to run as daemon?

The document also states that at least 20kb/s are a good contribution as a relay. I don't think that's good advice nowadays.

I have a Mac with Homebrew. Where can I see the new writeup?

Trac:
Username: arfarf

Hi arfarf! The new/current writeup is live at https://www.torproject.org/docs/tor-doc-osx.html.en .

I have a few concerns with steps 1 and 2, and usage of Homebrew in general.

Step 1:

ruby -e "$(curl -fsSkL raw.github.com/mxcl/homebrew/go)"

This will insecurely (-k = no certificate checks) load code from Homebrew and send it to the ruby interpreter. This is how Homebrew advertises their install method, but it isn't secure in the slightest. I'm not aware any reasonably secure way to bootstap Homebrew, as it wasn't designed with security in mind.

brew install tor

The only verification done here will be a check of the MD5 checksum provided by brew. I suppose it may be possible to download the Tor tarball, confirm the signature with GPG, and move the tarball to the /Library/Caches directory before running the install command; however any minor mistakes in the process would just cause brew to download the source.

A better solution may be packaging and signing a standalone Tor relay build, so that concerned end-users can verify GPG signatures.

Trac:
Username: arfarf

If users are willing to put up with the inherently insecure nature of Homebrew, the following command can be run in Terminal to start Tor when the user logs in:

ln -sfv /usr/local/opt/tor/*.plist ~/Library/LaunchAgents
launchctl load ~/Library/LaunchAgents/homebrew.mxcl.tor.plist

The user will then need to create a torrc in /usr/local/etc/tor. Homebrew installs /usr/local/etc/tor/torrc.sample which can be modified.

Starting Tor as a system daemon is more complicated. A user will have to do something similar to the following.

1. Create /Library/LaunchDaemons/org.torproject.tor.plist with the following contents:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.torproject.tor</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/tor</string>
        <string>-f</string>
        <string>/usr/local/etc/tor/torrc</string>
    </array>
    <key>KeepAlive</key>
    <true/>
</dict>
</plist>

2. Create a user for the Tor daemon
3. Create a data directory for the Tor daemon. /var/db/tor would be a good choice. The permissions will have to be changed in this directory to allow access for the user created in 2.
4. Modify /usr/local/etc/tor/torrc to include this valid DataDirectory and User.

Trac:
Username: arfarf

Should we merge this with https://trac.torproject.org/projects/tor/wiki/doc/MacRunOnBoot ? (Or, perhaps, remove MacRunOnBoot entirely when this is finished?)

I've attached an example, annotated org.torproject.tor.plist which has the following functionality:

• Log stdout and stderr
• Wait for network before running tor
• Play nice with other apps (CPU, I/O)
• Open greater than the default 512/1024 file/connection limit

Trac:
org.torproject.tor.plist

Annotated LaunchDaemon plist file for tor

Removing MacRunOnBoot sounds fine. I'm updating the instructions to use macports, which actually signs its releases.

updated description to use macports

Trac:
Status: needs_review to closed
Resolution: N/A to fixed

closed

mentioned in issue #13412 (moved)

moved to tpo/web/trac#7989 (closed)