
anon-ws-disable-stacked-tor/blob/master/etc/init.d/tor.anondist vs systemd, insserv already provided issue
Closed, Resolved (Public)

Description

package:
https://github.com/Whonix/anon-ws-disable-stacked-tor

file:
https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/etc/init.d/tor.anondist


We probably won't ship our own systemd unit file for Tor (T304).

But what happens if upstream starts shipping one? (tor.service) ((bug report))


This is visible during package installation / upgrade.

update-rc.d: using dependency based boot sequencing
insserv: script tor.anondist-orig: service tor already provided!

Similar issue as T321. (fixed)
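
insserv prints "service ... already provided!" when a script in /etc/init.d declares, in the `Provides:` line of its LSB header, a facility that another script there already declares. The check below is an added example, not code from the Whonix repository; `dup_provides`, `write_header` and the sample headers are constructed, and which script besides tor.anondist-orig provides `tor` is an assumption.

```shell
#!/bin/sh
# Added example (not from the Whonix repository).
# Print every LSB facility that more than one script in DIR declares in its
# "Provides:" header, followed by the scripts that declare it.
dup_provides() {
    dir=${1:-/etc/init.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Read only the "### BEGIN INIT INFO" ... "### END INIT INFO" block.
        awk -v name="${f##*/}" '
            /^### BEGIN INIT INFO/ { inblk = 1; next }
            /^### END INIT INFO/   { exit }
            inblk && /^#[ \t]*Provides:/ {
                sub(/^#[ \t]*Provides:[ \t]*/, "")
                for (i = 1; i <= NF; i++) print $i, name
            }' "$f"
    done | LC_ALL=C sort | awk '
        { n[$1]++; who[$1] = who[$1] (who[$1] ? "," : "") $2 }
        END { for (s in n) if (n[s] > 1) print s ": " who[s] }' | LC_ALL=C sort
}

# Constructed sample headers; real init scripts carry more fields and a body.
write_header() {  # write_header FILE FACILITY...
    out=$1; shift
    printf '#!/bin/sh\n### BEGIN INIT INFO\n# Provides:          %s\n### END INIT INFO\n' "$*" > "$out"
}

sample=$(mktemp -d)
write_header "$sample/tor" tor                 # assumed second provider
write_header "$sample/tor.anondist-orig" tor   # script named in the warning
write_header "$sample/cron" cron
dup_provides "$sample"    # tor: tor,tor.anondist-orig
rm -rf "$sample"
```

Run `dup_provides` with no argument to check /etc/init.d on the installed system; no output means no facility is declared twice.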

Details

Impact
Normal

Event Timeline

Patrick created this task. May 15 2015, 2:09 AM
Patrick raised the priority of this task from to Normal.
Patrick updated the task description.
Patrick set Impact to Normal.
Patrick added subscribers: Patrick, nrgaway.
Patrick changed the status of subtask T304: systemd unit file for Tor package? from Open to Review. May 23 2015, 4:50 PM
Patrick renamed this task from anon-ws-disable-stacked-tor/blob/master/etc/init.d/tor.anondist vs systemd to anon-ws-disable-stacked-tor/blob/master/etc/init.d/tor.anondist vs systemd, insserv already provided issue. May 23 2015, 6:59 PM
Patrick updated the task description.

fixed 'insserv: script tor.anondist-orig: service tor already provided!' warning during upgrades - https://phabricator.whonix.org/T303:
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/12691426c9f0bfd561ce369e90158b9dcd1132ae

Patrick updated the task description. May 28 2015, 6:34 PM
Patrick updated the task description. May 28 2015, 7:30 PM
Patrick changed the task status from Open to Review. May 28 2015, 9:57 PM

Tested by placing /lib/systemd/system/tor.service from https://gitweb.torproject.org/tor.git/tree/contrib/dist/tor.service.in (removed spaces).

# tor.service -- this systemd configuration file for Tor sets up a
# relatively conservative, hardened Tor service.  You may need to
# edit it if you are making changes to your Tor configuration that it
# does not allow.  Package maintainers: this should be a starting point
# for your tor.service; it is not the last point.

[Unit]
Description=Anonymizing overlay network for TCP
After=syslog.target network.target nss-lookup.target

[Service]
Type=notify
NotifyAccess=all
ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
ExecStart=/usr/bin/tor -f /etc/tor/torrc
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT
TimeoutSec=30
Restart=on-failure
WatchdogSec=1m
LimitNOFILE=32768

# Hardening
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

systemd compatibility - https://phabricator.whonix.org/T303:
https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/21a6f2be78497432fdfb207663fd3aa46832ab43

Patrick closed this task as Resolved. Jun 6 2015, 5:40 PM
Patrick claimed this task.

Fixed in Whonix 10.0.0.2.3.