security/arti: Fix rc.d service using daemon, update URL

GIDs

@@ -251,7 +251,7 @@ jicofo:*:307:jitsi
 jvb:*:308:jitsi
 wazuh:*:309:
 cardano:*:310:
-# free: 311
+_arti:*:311:
 _sphinx:*:312:
 _fastdfs:*:313:
 # free: 314

UIDs

@@ -256,7 +256,7 @@ jicofo:*:307:307::0:0:Jitsi Conference Focus Owner:/nonexistent:/usr/sbin/nologi
 jvb:*:308:308::0:0:Jitsi VideoBridge Owner:/nonexistent:/usr/sbin/nologin
 wazuh:*:309:309::0:0:Wazuh Owner:/var/ossec:/usr/sbin/nologin
 cardano:*:310:310::0:0:Cardano Node Daemon:/nonexistent:/usr/sbin/nologin
-# free: 311
+_arti:*:311:311::0:0:Arti Daemon:/nonexistent:/usr/sbin/nologin
 _sphinx:*:312:312::0:0:Sphinxsearch Owner:/nonexistent:/usr/sbin/nologin
 _fastdfs:*:313:313::0:0:FastDFS Owner:/nonexistent:/usr/sbin/nologin
 # free: 314

security/arti/Makefile

@@ -1,19 +1,20 @@
 PORTNAME=	arti
 DISTVERSION=	1.0.0
+PORTREVISION=	1
 CATEGORIES=	security
 
 MAINTAINER=	cs@FreeBSD.org
 COMMENT=	Implementation of Tor, in Rust
-WWW=		https://gitlab.torproject.org/tpo/core/arti/
+WWW=		https://arti.torproject.org/
 
 LICENSE=	MIT
 
 USES=		cargo sqlite ssl
 USE_RC_SUBR=	arti
-#GROUPS=		_arti
-#USERS=		_arti
-#SUB_LIST=	USER="${USERS}" GROUP="${GROUPS}"
-#PLIST_SUB=	USER="${USERS}" GROUP="${GROUPS}"
+GROUPS=		_arti
+USERS=		_arti
+SUB_LIST=	USERS="${USERS}" GROUPS="${GROUPS}"
+PLIST_SUB=	USERS="${USERS}" GROUPS="${GROUPS}"
 USE_GITLAB=	yes
 GL_SITE=	https://gitlab.torproject.org
 GL_ACCOUNT=	tpo/core

security/arti/files/arti.in

@@ -1,37 +1,54 @@
 #!/bin/sh
 
-# $FreeBSD$
-#
 # PROVIDE: arti
-# REQUIRE: LOGIN
-# KEYWORD: shutdown
+# REQUIRE: DAEMON FILESYSTEMS
+# BEFORE: LOGIN
 #
 # Add these lines to /etc/rc.conf.local or /etc/rc.conf
 # to enable this service:
 #
 # arti_enable (bool):	Set to NO by default.
 #			Set it to YES to enable arti.
-# arti_config (path):	Set to %%PREFIX%%/etc/arti/arti.cf
+# arti_config (path):	Set to %%PREFIX%%/etc/arti/arti.toml
 #			by default.
-# arti_user (str):      Arti daemon user. Default: %%USER%%
-# arti_pidfile (str):   Arti pid file.  Default: /var/run/arti/arti.pid
-
+# arti_user (str):      Arti daemon user. Default: %%USERS%%
+# arti_group (str):     Arti daemon group. Default: %%GROUPS%%
 
 . /etc/rc.subr
 
-name=arti
-rcvar=arti_enable
+name="arti"
+rcvar="arti_enable"
 
 load_rc_config $name
 
 : ${arti_enable:="NO"}
 : ${arti_config="%%PREFIX%%/etc/arti/arti.toml"}
-: ${arti_pidfile="/var/run/arti/arti.pid"}
-: ${arti_logfile="/var/log/arti/arti.log"}
+: ${arti_user="%%USERS%%"}
+: ${arti_group="%%GROUPS%%"}
 
-command=/usr/sbin/daemon
-arti=%%PREFIX%%/bin/${name}
+pidfiledir="/var/run/${name}"
+pidfile="${pidfiledir}/${name}.pid"
+logfiledir="/var/log/${name}"
+logfile="${logfiledir}/${name}.log"
+dbfiledir="/var/db/${name}"
+command="/usr/sbin/daemon"
+procname="%%PREFIX%%/bin/${name}"
 
-command_args="-f -o $arti_logfile -P $arti_pidfile $arti proxy -c $arti_config"
+command_args="-f -o $logfile -p $pidfile $procname proxy --config $arti_config"
+
+start_precmd="${name}_prestart"
+
+arti_prestart()
+{
+	if [ ! -d ${pidfiledir} ]; then
+		install -d -o ${arti_user} -g ${arti_group} ${pidfiledir}
+	fi
+	if [ ! -d ${logfiledir} ]; then
+		install -d -o ${arti_user} -g ${arti_group} ${logfiledir}
+	fi
+	if [ ! -d ${dbfiledir} ]; then
+		install -d -o ${arti_user} -g ${arti_group} ${dbfiledir}
+	fi
+}
 
 run_rc_command "$1"

security/arti/files/patch-crates_arti_src_arti-example-config.toml

@@ -1,11 +1,13 @@
---- crates/arti/src/arti-example-config.toml.orig	2022-05-29 12:30:55 UTC
+--- crates/arti/src/arti-example-config.toml.orig	2022-09-25 15:06:18 UTC
 +++ crates/arti/src/arti-example-config.toml
-@@ -62,7 +62,7 @@
+@@ -86,8 +86,8 @@
  #
  # The state directory is not yet used.
  [storage]
 -#cache_dir = "${ARTI_CACHE}"
-+cache_dir = "/var/db/arti"
- #state_dir = "${ARTI_LOCAL_DATA}"
+-#state_dir = "${ARTI_LOCAL_DATA}"
++cache_dir = "/var/db/arti/"
++state_dir = "/var/db/arti/"
  
  # Describe how to enforce permissions on the filesystem when accessing the cache
+ # and state directories.  (This does not apply to configuration files)