
anon-ws-disable-stacked-tor/blob/master/etc/init.d/tor.anondist vs systemd, insserv already provided issue
Closed, Resolved, Public

Description

package:
https://github.com/Whonix/anon-ws-disable-stacked-tor

file:
https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/etc/init.d/tor.anondist


We probably won't ship our own systemd unit file for Tor (T304).

But what happens if upstream starts shipping one? (tor.service) ((bug report))


This is visible during package installation / upgrade.

update-rc.d: using dependency based boot sequencing
insserv: script tor.anondist-orig: service tor already provided!

Similar issue as T321. (fixed)
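
insserv prints the "already provided" warning quoted above when more than one init script names the same facility on the `Provides:` line of its LSB header. The check below is an added example, not part of the task or of the package; the function names and the sample scripts (constructed, with file names borrowed from the warning) are assumptions.

```shell
#!/bin/sh
# Added example (not Whonix code): report LSB facilities that more than one
# init script declares on its "Provides:" line.

# find_duplicate_provides DIR
# Prints one line per collision: "<facility>: <script> <script> ..."
find_duplicate_provides() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # Restrict the search to the LSB header block, then split the
        # Provides: value into one facility per line.
        sed -n '/^### BEGIN INIT INFO/,/^### END INIT INFO/p' "$f" |
            sed -n 's/^#[[:space:]]*Provides:[[:space:]]*//p' |
            tr -s ' \t' '\n\n' |
            while read -r fac; do
                if [ -n "$fac" ]; then
                    printf '%s %s\n' "$fac" "${f##*/}"
                fi
            done
    done | LC_ALL=C sort | awk '
        # $1 = facility, $2 = script name; collect the scripts per facility.
        { n[$1]++; s[$1] = (n[$1] > 1) ? (s[$1] " " $2) : $2 }
        END { for (k in n) if (n[k] > 1) print k ": " s[k] }' | LC_ALL=C sort
}

# write_sample DIR
# Constructed sample: three minimal LSB headers, two of which provide "tor".
# The script name "tor" for the second provider is an assumption.
write_sample() {
    for pair in tor:tor tor.anondist-orig:tor cron:cron; do
        printf '### BEGIN INIT INFO\n# Provides:          %s\n### END INIT INFO\n' \
            "${pair#*:}" > "$1/${pair%%:*}"
    done
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
find_duplicate_provides "$demo_dir"
rm -rf "$demo_dir"
```

On a real system the function can be pointed at /etc/init.d before and after a package upgrade to see which scripts collide.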

Details

Impact
Normal

Event Timeline

Patrick raised the priority of this task from to Normal.
Patrick updated the task description.
Patrick set Impact to Normal.
Patrick added subscribers: Patrick, nrgaway.
Patrick renamed this task from anon-ws-disable-stacked-tor/blob/master/etc/init.d/tor.anondist vs systemd to anon-ws-disable-stacked-tor/blob/master/etc/init.d/tor.anondist vs systemd, insserv already provided issue. May 23 2015, 4:59 PM
Patrick updated the task description.

fixed 'insserv: script tor.anondist-orig: service tor already provided!' warning during upgrades - https://phabricator.whonix.org/T303:
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/12691426c9f0bfd561ce369e90158b9dcd1132ae

Patrick changed the task status from Open to Review. May 28 2015, 7:57 PM

Tested by placing /lib/systemd/system/tor.service from https://gitweb.torproject.org/tor.git/tree/contrib/dist/tor.service.in (removed spaces).

# tor.service -- this systemd configuration file for Tor sets up a
# relatively conservative, hardened Tor service.  You may need to
# edit it if you are making changes to your Tor configuration that it
# does not allow.  Package maintainers: this should be a starting point
# for your tor.service; it is not the last point.

[Unit]
Description=Anonymizing overlay network for TCP
After=syslog.target network.target nss-lookup.target

[Service]
Type=notify
NotifyAccess=all
ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
ExecStart=/usr/bin/tor -f /etc/tor/torrc
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT
TimeoutSec=30
Restart=on-failure
WatchdogSec=1m
LimitNOFILE=32768

# Hardening
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

systemd compatibility - https://phabricator.whonix.org/T303:
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/21a6f2be78497432fdfb207663fd3aa46832ab43

Patrick claimed this task.

Fixed in Whonix 10.0.0.2.3.