Again, thank you very much for your instructions, Patrick!
/lib/systemd/system/anon-gw-anonymizer-config.service. Otherwise, I do not know how to write to
We should avoid any
%include directory for now.
Systemd units running as root is the systemd default. I doubt any of the
units in /lib/systemd/system/ use User=root. So this can be dropped.
All merged, thanks!
Some commits on top.
WantedBy… Not easy to explain. I learned this mostly by looking at other systemd unit files.
Could you please review my latest additions?
For an unknown reason, the latest
email@example.com does not work as expected:
sudo rm -r /usr/local/etc
systemctl restart firstname.lastname@example.org will run
anon-gw-anonymizer-config.service which will guarantee
/usr/local/etc/torrc.d and the two files in it.
anon-gw-anonymizer-config.service will not be run, causing Tor to fail to start due to the missing torrc files. Running
systemctl restart anon-gw-anonymizer-config.service manually works fine though.
I tried to debug it by removing several additional commits but I did not figure out the reason.
Works as expected by me. It only works after boot. (And this is important because that helps our torrc.d implementation by also creating the files in time for first boot and even in Qubes-Whonix.) It is to cover the Whonix specific implementation (which is not simple with Qubes vs persistence of TemplateBased VMs) so we can provide a config file for acw and user-modified-only. I think this is sufficient. (Deleting /usr/local/etc and then rebooting works as well.)
The case that the user deletes files and user restarts Tor is not covered.
- Are there other systemd unit files where once you restart them, also another systemd unit gets restarted automatically beforehand?
- Are there any other daemons that fail to start if their config file is missing?
- Are there any other daemons where missing config files in /etc (root required!) will be automagically created if missing?
- If the user starts deleting files, it’s up to the user to fix?
(We could even do the opposite. Doing this creation of files only at first boot and not again.)
Whonix 14 repository Tor package was upgraded. Just now uploaded.
user@host:~$ anon-info INFO: version of the 'tor' package: 0.3.3.7-1~d90.stretch+1
%include /etc/torrc.d/*.conf work now? If so, could you make the pull request please?
I tried the latest uploaded Tor. No, it doesn’t work.
I’ve been keeping an eye on the ticket and the status is still
needs_revision. Jigsaw52 has not been working on it after the review by ahf:
I will keep an eye on it and do a PR whenever the feature is ready.
Note: anon-verify also needs to be changed to simulate the new parsing rule when it’s ready.
Debian likes neither:
Apparmor profile whitelist /etc/torrc.d/ and /usr/local/etc/torrc.d/
Maybe it will be
/etc/tor/torrc.d/ but it’s not yet finally decided.
Since still not done I am considering to create a script that runs before Tor which would move any files not ending with
*.conf out of the way. May be possible to start using systemd drop-in ExecStartPre.
Implemented in git master.
This was implemented in testers repository. In essence:
/usr/local/etc/torrc.d/*.conf support might be causing issues.
If that is the case it can be solved by adding to documentation to manually run torrc-d-cleaner before restarting Tor or perhaps a usability tool which does both (run torrc-d-cleaner + restart Tor).
On top of that anon-verify has a bug and does not show all config files which makes debugging for users harder. I am working on it.
anon-verify fixes and torrc.d improvements:
anon-connection-wizard vs torrc.d fixes:
These fixes are now in the testers repository.
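
The pre-start cleanup discussed in the thread (moving files that do not end in .conf out of the torrc.d directory before Tor starts), as an added sketch. It is not the Whonix torrc-d-cleaner script; the function name, the quarantine directory and the drop-in path are assumptions.

```shell
#!/bin/sh
# Added sketch, not the Whonix torrc-d-cleaner. Names and paths are assumptions.
#
# Hypothetical systemd drop-in for the Tor unit (unit name as on your system):
#   [Service]
#   ExecStartPre=/usr/local/bin/clean-torrc-d    # constructed path
#
# move_non_conf DIR QUARANTINE
#   Moves every non-directory entry in DIR whose name does not end in ".conf"
#   into QUARANTINE, so only *.conf files remain for Tor to read.
#   Prints the number of entries moved.
move_non_conf() {
    dir=$1
    quarantine=$2
    moved=0
    if [ ! -d "$dir" ]; then
        echo 0
        return 0
    fi
    # The second glob picks up dotfiles such as editor swap files.
    for path in "$dir"/* "$dir"/.[!.]*; do
        # Skip unmatched glob patterns and real subdirectories.
        if [ ! -e "$path" ] && [ ! -L "$path" ]; then continue; fi
        if [ -d "$path" ] && [ ! -L "$path" ]; then continue; fi
        name=${path##*/}
        case $name in
            *.conf) continue ;;
        esac
        mkdir -p -m 0700 "$quarantine"
        # Never overwrite an earlier quarantined file of the same name.
        dest=$quarantine/$name
        n=0
        while [ -e "$dest" ] || [ -L "$dest" ]; do
            n=$((n + 1))
            dest=$quarantine/$name.$n
        done
        mv -- "$path" "$dest"
        moved=$((moved + 1))
    done
    echo "$moved"
}
```

Leftovers such as `*.dpkg-old` or editor backup files are moved aside rather than deleted, so a user can inspect what was excluded when Tor's effective configuration differs from what they expected.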