Hi Pascal,
what do you think of changing OpenBSD's tor rc script to require perfect process matches when sending signals to them instead of the current "kill everything that starts with..." approach?
I've put tor-relays on CC so people can speak up if this change is not desired or breaks anyone's environment - I believe it fixes them.
Problem:
/etc/rc.d/tor stop might kill all (including unrelated) tor instances instead of the intended daemon only.
/etc/rc.d/tor start might never start the intended daemon if another tor instance is already running (rc_check believes tor is already running).
/etc/rc.d/tor restart might kill all tor instances and start only one.
references: http://article.gmane.org/gmane.os.openbsd.misc/222896
One line "patch" for /etc/rc.d/tor to address this issue: (tested with and without custom daemon_flags)
8a9,10
pexp="${daemon}${daemon_flags:+ ${daemon_flags}}$"
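Review bot: In the added pexp line, ${daemon_flags} is interpolated unescaped in front of the new trailing "$", so if pexp is matched as a regular expression, characters in custom flags such as "+" or "." act as operators, and with the end anchor a daemon started with such flags may no longer match its own command line. Suggest escaping the flags (or comparing against a fixed string) before appending "$", and adding a comment next to the line saying that it copies the rc.subr default with only the anchor added. The hunk header 8a9,10 also announces two added lines while only one is visible; a unified diff with context would make the placement checkable.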
(this line is a complete copy from rc.subr with the addition of one char: $ )
thanks, nusenu
https://github.com/nusenu/ansible-relayor/issues/40
nusenu <nusenu@openmailbox.org> wrote:
what do you think of changing OpenBSD's tor rc script to require perfect process matches when sending signals to them instead of the current "kill everything that starts with..." approach?
I've put tor-relays on CC so people can speak up if this change is not desired or breaks anyone's environment - I believe it fixes them.
While I don't use the OpenBSD port, I think using the --PidFile option would be more reliable. It's already used by the FreeBSD port and works as expected.
One line "patch" for /etc/rc.d/tor to address this issue: (tested with and without custom daemon_flags)
8a9,10
pexp="${daemon}${daemon_flags:+ ${daemon_flags}}$"
Did you test with custom flags like "--+Log ${tor_loglevel} file ${tor_logfile}"? I suspect that the "+" and similar characters will cause problems.
Fabian
what do you think of changing OpenBSD's tor rc script to require perfect process matches when sending signals to them instead of the current "kill everything that starts with..." approach?
I've put tor-relays on CC so people can speak up if this change is not desired or breaks anyone's environment - I believe it fixes them.
While I don't use the OpenBSD port, I think using the --PidFile option would be more reliable. It's already used by the FreeBSD port and works as expected.
I'm certainly not aiming to change rc.subr's design ;)
(and finding the pidfile in a generic way is also probably non-trivial)
One line "patch" for /etc/rc.d/tor to address this issue: (tested with and without custom daemon_flags)
8a9,10
pexp="${daemon}${daemon_flags:+ ${daemon_flags}}$"
Did you test with custom flags like "--+Log ${tor_loglevel} file ${tor_logfile}"?
This should read "--Log", no?
From tor's man page:
Other options can be specified on the command-line in the format "--option value", in the format "option value", or in a configuration file.
nusenu <nusenu@openmailbox.org> wrote:
One line "patch" for /etc/rc.d/tor to address this issue: (tested with and without custom daemon_flags)
8a9,10
pexp="${daemon}${daemon_flags:+ ${daemon_flags}}$"
Did you test with custom flags like "--+Log ${tor_loglevel} file ${tor_logfile}"?
This should read "--Log", no?
While I prefer using neither "--Log" nor "--+Log", the latter is valid syntax and used in the real world: https://svnweb.freebsd.org/ports/head/security/tor-devel/files/tor.in?view=m...
For details see: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=167482
In the ElectroBSD version of the port I recently went with the mentioned "specify all log files in the torrc" strategy ...
From tor's man page:
Other options can be specified on the command-line in the format "--option value", in the format "option value", or in a configuration file.
Looks like the man page is incomplete.
Fabian
On Tue, Jun 23, 2015 at 01:09:07PM +0200, Fabian Keil wrote:
In the ElectroBSD version of the port I recently went with the mentioned "specify all log files in the torrc" strategy ...
You might also enjoy the --defaults-torrc option, which you can use for giving Tor new defaults while still letting the user have her own torrc file.
(Debian used to patch src/or/config.c before building, but now they don't have to because of the defaults-torrc file. Tor Browser now uses it too.)
--Roger
The underlying problem has been fixed in rc.subr and no longer requires rc script customization to get sane behavior by default.
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/rc.d/rc.subr?rev=1.99&c...
tor-relays@lists.torproject.org
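The matching behaviours discussed in this thread, as an added example that is not part of the original messages and is not OpenBSD's rc.subr code: it compares "starts with" matching, the end-anchored pexp, and the same pattern with the flags escaped, including the "--+Log" case. Assumptions: grep -E stands in for the regular-expression process matcher, the process table, paths and flags are constructed, and build_pexp, ere_escape and count_matches are hypothetical helper names.

```shell
#!/bin/sh
# Constructed process table, one command line per line (paths and flags are made up).
PROCS='/usr/local/bin/tor
/usr/local/bin/tor -f /etc/tor/relay2.torrc
/usr/local/bin/tor --+Log notice file /var/log/tor/notices.log'

# build_pexp DAEMON FLAGS: the pexp expression from the thread, without the trailing "$".
build_pexp() {
    daemon=$1
    daemon_flags=$2
    printf '%s' "${daemon}${daemon_flags:+ ${daemon_flags}}"
}

# ere_escape STRING: backslash-escape ERE metacharacters so STRING matches literally.
ere_escape() {
    printf '%s' "$1" | sed 's/[][\\.^$*+?(){}|]/\\&/g'
}

# count_matches MODE PATTERN: number of command lines in PROCS that match.
#   prefix: anchored at the start only ("kill everything that starts with...")
#   exact : anchored at both ends (pexp with the trailing "$" added)
count_matches() {
    case "$1" in
        prefix) printf '%s\n' "$PROCS" | grep -c -E -e "^$2" || true ;;
        exact)  printf '%s\n' "$PROCS" | grep -c -E -e "^$2\$" || true ;;
    esac
}

plain=$(build_pexp /usr/local/bin/tor "")
logged=$(build_pexp /usr/local/bin/tor "--+Log notice file /var/log/tor/notices.log")

# Default daemon, no flags: the prefix match also hits the two other instances.
echo "prefix, no flags:       $(count_matches prefix "$plain")"
echo "exact,  no flags:       $(count_matches exact "$plain")"
# With --+Log the unescaped "+" is a quantifier, so the daemon misses itself.
echo "exact,  --+Log raw:     $(count_matches exact "$logged")"
echo "exact,  --+Log escaped: $(count_matches exact "$(ere_escape "$logged")")"
```

A match count of 0 for the running daemon is the failure Fabian asks about: a stop or check based on that pattern would not find the process.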