-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi weasel,
following your comment [1] about your plans to use systemd instead of init.d scripts I prepared unit files [2] - tested with debian jessie.
Would be great if you could comment on them.
Since it feels a bit as if I would use the wrong communication channel (trac), please let me know if I should move this elsewhere.
thanks, Nusenu
[1] https://trac.torproject.org/projects/tor/ticket/14995#comment:14
[2] https://trac.torproject.org/projects/tor/ticket/14995#comment:24
https://github.com/nusenu/tor-multi-instance-initscripts/blob/master/debian/...
https://github.com/nusenu/tor-multi-instance-initscripts/blob/master/debian/...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Weasel,
> following your comment [1] about your plans to use systemd instead of init.d scripts I prepared unit files [2] - tested with debian jessie.
> Would be great if you could comment on them.
> Since it feels a bit as if I would use the wrong communication channel (trac), please let me know if I should move this elsewhere.
Now that jessie and vivid are released and debian's systemd has a bug [1] with legacy sysv scripts I wanted to ask what the status of the systemd integration is. Do you have any plans on it?
I think systemd support would also improve security when taking advantage of systemd's security features - a few of them are unfortunately buggy and therefore disabled in the files below.
tested with jessie: https://github.com/nusenu/ansible-relayor/blob/master/files/debian_tor%40.se...
tested with vivid: https://github.com/nusenu/ansible-relayor/blob/master/files/ubuntu_tor%40.se...
thanks, nusenu
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751638
Hi,
[dropping Weasel from the Cc list as I'm pretty sure he reads tor-dev@.]
nusenu wrote (28 Apr 2015 11:15:25 GMT) :
> Now that jessie and vivid are released and debian's systemd has a bug [1] with legacy sysv scripts
FYI this is blocked by missing functionality in sysv-rc's update-rc.d.
> I wanted to ask what the status of the systemd integration is. Do you have any plans on it?
This is being worked on there: https://bugs.debian.org/761403 (which should be a more appropriate forum to discuss this topic.)
> I think systemd support would also improve security when taking advantage of systemd's security features - a few of them are unfortunately buggy and therefore disabled in the files below.
Please report such bugs:
* to the Tor project's Trac if they are bugs in contrib/dist/tor.service.in as shipped with tor
* to the systemd bug tracker if they are bugs in systemd itself
Thanks!
> tested with jessie: https://github.com/nusenu/ansible-relayor/blob/master/files/debian_tor%40.se...
I get a 404 there.
Cheers,
-- intrigeri
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi intrigeri,
thanks for your reply.
> This is being worked on there: https://bugs.debian.org/761403 (which should be a more appropriate forum to discuss this topic.)
I didn't want to report bugs/feature requests in debian's bts for a non-debian repo (deb.torproject.org). This resulted in a situation where tor's trac is apparently not accepted by the maintainer and debian's bts is not entirely the correct place(?) either, but with that info I'll just use debian's bts for similar matters in the future - thanks for suggesting this and the pointer to the current ticket.
> Please report such bugs:
> - to the Tor project's Trac if they are bugs in contrib/dist/tor.service.in as shipped with tor
I did so in the past but since I don't know any packages actually using that service file shipped by tor https://gitweb.torproject.org/tor.git/tree/contrib/dist/tor.service.in I'll probably just report any bugs/RFEs against the package instead of tor itself. I hope this makes sense. (The service file in tor does not say on which distributions it should work and a generic service file won't make use of the distribution specific features.)
> - to the systemd bug tracker if they are bugs in systemd itself
https://bugs.freedesktop.org/show_bug.cgi?id=89875#c2
http://lists.freedesktop.org/archives/systemd-devel/2015-April/031377.html
If anyone is interested in systemd problems I stumble on in the tor context: https://github.com/nusenu/ansible-relayor/issues?utf8=%E2%9C%93&q=is%3Ai...
>> tested with jessie: https://github.com/nusenu/ansible-relayor/blob/master/files/debian_tor%40.se...
> I get a 404 there.
The file moved to a new location and has become an ansible template (=dynamically created) instead of a static file to "improve" security [1]. CapabilityBoundingSet is dynamically built depending on which capabilities are actually required (related to [2]). This is not something you will be able to do in a service file that ships with a package, but you can still copy that service file and simply remove lines 31 and 36-39 of it [4].
Note: The dynamic service file adjustment I'm using is only a temporary workaround until [3] gets addressed - which I don't expect to happen in 2015.
[1] https://github.com/nusenu/ansible-relayor/commit/cc7530a820fd2b4fd579598f6a1...
[2] https://lists.torproject.org/pipermail/tor-dev/2015-April/008638.html
[3] https://trac.torproject.org/projects/tor/ticket/15659
[4] https://github.com/nusenu/ansible-relayor/blob/master/templates/debian_tor%4...
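Added example, not part of the thread and not the ansible-relayor template: a sketch of building CapabilityBoundingSet per instance from the listener ports in its torrc, as the message above describes. The capability mapping (CAP_SETUID and CAP_SETGID always, CAP_NET_BIND_SERVICE only for ports below 1024), the function names and the sample torrc text are assumptions made for illustration.

```python
import re

# Assumption (not from the thread): tor is started as root by systemd and
# drops privileges itself through the torrc "User" option.
BASE_CAPS = ["CAP_SETUID", "CAP_SETGID"]
PORT_OPTIONS = {"orport", "dirport", "socksport", "dnsport", "transport", "controlport"}


def listener_ports(torrc_text):
    """Return every numeric listener port configured in a torrc."""
    ports = []
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        parts = line.split()
        if len(parts) < 2 or parts[0].lower() not in PORT_OPTIONS:
            continue
        # Accept "443", "192.0.2.1:443" and "[2001:db8::1]:443"; skip "auto".
        match = re.search(r"(?:^|:)(\d+)$", parts[1])
        if match:
            ports.append(int(match.group(1)))
    return ports


def capability_bounding_set(torrc_text):
    """Build the unit-file line with only the capabilities this instance needs."""
    caps = list(BASE_CAPS)
    # Only binding below 1024 needs CAP_NET_BIND_SERVICE; port 0 means the
    # listener is disabled in torrc.
    if any(0 < port < 1024 for port in listener_ports(torrc_text)):
        caps.append("CAP_NET_BIND_SERVICE")
    return "CapabilityBoundingSet=" + " ".join(caps)


# Constructed sample configurations, not taken from any real relay.
HIGH_PORT_TORRC = """\
User debian-tor
ORPort 9001
DirPort 9030   # unprivileged ports only
"""
LOW_PORT_TORRC = """\
User debian-tor
ORPort [2001:db8::1]:443 NoAdvertise
ORPort 192.0.2.10:443
DirPort 80
"""

if __name__ == "__main__":
    print(capability_bounding_set(HIGH_PORT_TORRC))
    print(capability_bounding_set(LOW_PORT_TORRC))
```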
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
intrigeri:
> This is being worked on there: https://bugs.debian.org/761403 (which should be a more appropriate forum to discuss this topic.)
Also for the ubuntu packages?
nusenu wrote (02 May 2015 16:04:13 GMT) :
> intrigeri:
>> This is being worked on there: https://bugs.debian.org/761403 (which should be a more appropriate forum to discuss this topic.)
> Also for the ubuntu packages?
AFAIK the Ubuntu packages are just the Debian one, rebuilt for Ubuntu. I'm not aware of any Ubuntu-specific Tor packaging effort.
Cheers,
-- intrigeri