From c5f2f208099c3e0b2e52e5afd28011063e9761cb Mon Sep 17 00:00:00 2001
From: William Budington
Date: Mon, 23 Feb 2015 15:00:40 -0800
Subject: [PATCH 1/3] Cleanup build steps
---
 Dockerfile | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 5415e1a..143368d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,9 +12,10 @@ RUN apt-get update && apt-get install -y \
 RUN curl https://dist.torproject.org/tor-${VERSION}.tar.gz | tar xz -C /tmp
-RUN cd /tmp/tor-${VERSION} && ./configure
-RUN cd /tmp/tor-${VERSION} && make
-RUN cd /tmp/tor-${VERSION} && make install
+WORKDIR /tmp/tor-${VERSION}
+RUN ./configure
+RUN make
+RUN make install
 ADD ./torrc /etc/torrc
 # Allow you to upgrade your relay without having to regenerate keys
From 0b8d73ca94e04e438f475868c1960f31e894a97f Mon Sep 17 00:00:00 2001
From: William Budington
Date: Mon, 23 Feb 2015 15:40:10 -0800
Subject: [PATCH 2/3] Get tor source securely, verify with signing keys
---
 Dockerfile | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 143368d..09f11e7 100644
--- a/Dockerfile
+++ b/Dockerfile
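Review bot: In the PATCH 1/3 Dockerfile hunk, the added `WORKDIR /tmp/tor-${VERSION}` stays in effect after `RUN make install`, unlike the `cd` it replaces, which was scoped to each RUN. Every later instruction that uses a relative path, and the container's default working directory, now resolves inside the build tree under /tmp unless something further down resets it; the rest of the Dockerfile is outside the hunk, so this may already be handled. I would add `WORKDIR /` right after `RUN make install`, and fold the three build steps into one `RUN ./configure && make && make install` so the build tree is not spread across three layers.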
@@ -10,7 +10,28 @@ RUN apt-get update && apt-get install -y \
 libevent-dev \
 libssl-dev
-RUN curl https://dist.torproject.org/tor-${VERSION}.tar.gz | tar xz -C /tmp
+# Get signing keys securely
+# Ref: https://www.torproject.org/docs/signing-keys.html.en
+RUN mkdir /tmp/gpg
+RUN chmod 700 /tmp/gpg
+# Roger Dingledine
+RUN gpg --homedir /tmp/gpg --keyserver keys.gnupg.net --recv 19F78451
+RUN gpg --homedir /tmp/gpg --export F65CE37F04BA5B360AE6EE17C218525819F78451 | gpg --import -
+# Nick Mathewson
+RUN gpg --homedir /tmp/gpg --keyserver keys.gnupg.net --recv 165733EA
+RUN gpg --homedir /tmp/gpg --export B35BF85BF19489D04E28C33C21194EBB165733EA | gpg --import -
+RUN rm -rf /tmp/gpg
+
+WORKDIR /tmp/
+
+RUN curl https://dist.torproject.org/tor-${VERSION}.tar.gz > tor.tar.gz
+RUN curl https://dist.torproject.org/tor-${VERSION}.tar.gz.asc > tor.tar.gz.asc
+
+# Verify source tarball
+RUN gpg --verify tor.tar.gz.asc
+
+RUN tar xzf tor.tar.gz
+RUN rm tor.tar.gz tor.tar.gz.asc
 WORKDIR /tmp/tor-${VERSION}
 RUN ./configure
From a3d8afdcf20d47f336ec67476916ed75ce53d9c7 Mon Sep 17 00:00:00 2001
From: William Budington
Date: Mon, 23 Feb 2015 15:45:44 -0800
Subject: [PATCH 3/3] Makefile for building and running
---
 Makefile | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 Makefile
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..5b320d8
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,5 @@
+#!/bin/bash
+build:
+ docker build -t tor-server .
+run:
+ docker rm -f tor-server 2> /dev/null; docker run -d --name tor-server tor-server
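Review bot: In the PATCH 2/3 Dockerfile hunk, both keys are requested from the keyserver by 32-bit short ID (`--recv 19F78451`, `--recv 165733EA`), which is not a unique identifier; only the fingerprint-filtered `--export … | gpg --import -` step that follows keeps a look-alike key out of the verifying keyring. Since the full fingerprints are already in the file, I would fetch by them, e.g. `RUN gpg --homedir /tmp/gpg --keyserver keys.gnupg.net --recv F65CE37F04BA5B360AE6EE17C218525819F78451`, and keep the export filter as a second check. The verify step should also name the signed file, `RUN gpg --verify tor.tar.gz.asc tor.tar.gz`, so what is checked does not depend on gpg deriving the data file from the signature's name. It accepts a good signature from any key in the default keyring, so that keyring should hold only these two keys; whether the base image ships others is not visible here. Adding `-f` to both `curl` calls would make an HTTP error fail at the download step rather than surface later as a verification failure.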
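Review bot: In the PATCH 3/3 Makefile, the first line `#!/bin/bash` has no effect, because make reads it as a comment and still runs recipes with its default shell; `build` and `run` are also not declared phony, so a file or directory named `build` or `run` in the checkout would stop the target from running. I would replace the first line with `.PHONY: build run`. Separately, `run` force-removes the existing container and starts a new one without any volume option, so whether the relay's keys survive that restart depends on how the Dockerfile declares its data directory, which is outside this patch; a comment on the `run` target stating that would help.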