torrc.d is coming

1 Like

Again, thank you very much for your instructions, Patrick!

Done:

https://github.com/Whonix/anon-gw-anonymizer-config/pull/9

I set User=root in /lib/systemd/system/anon-gw-anonymizer-config.service. Otherwise, I do not know how to write to /usr/local.

We should avoid any %include directory for now.

https://github.com/Whonix/anon-gw-anonymizer-config/pull/9/commits/17c3df9b7eb4d2ec496df8a262573fb85bb59379

1 Like

Systemd units running as root is the systemd default. I doubt any of the
units in /lib/systemd/system/ use User=root. So this can be dropped.

1 Like

All merged, thanks! :slight_smile:

Some commits on top.

WantedBy… Not easy to explain. I learned this mostly by looking at other systemd unit files.
https://www.freedesktop.org/software/systemd/man/systemd.unit.html

Could you please review my latest additions?

1 Like

Hi Patrick!

For an unknown reason, the latest tor@default.service does not work as expected:

sudo rm -r /usr/local/etc

Expected behavior: systemctl restart tor@default.service will run anon-gw-anonymizer-config.service which will guarantee /usr/local/etc/torrc.d and the two files in it.
Actually, anon-gw-anonymizer-config.service will not be run, causing Tor to fail to start due to the missing torrc files. Running systemctl restart anon-gw-anonymizer-config.service manually works fine though.

I tried to debug it by removing several additional commits but I did not figure out the reason.

1 Like

Works as expected by me. It only works after boot. (And this is important because that helps our torrc.d implementation also creating the files in time for first boot and even in Qubes-Whonix.) It is to cover the Whonix specific implementation (which is not simple with Qubes vs persistence of TemplateBased VMs) so we can provide a config file for acw and user-modified-only. I think this is sufficient. (Deleting /usr/local/etc and then rebooting works as well.)

The case that the user deletes files and user restarts Tor is not covered.

  • Are there other systemd unit files where once you restart them, also another systemd unit gets restarted automatically beforehand?
  • Are there any other daemons that fail to start if their config file is missing?
  • Are there any other daemons where missing config files in /etc (root required!) will be automagically created if missing?
  • If the user starts deleting files, it’s up to the user to fix?

(We could even do the opposite. Doing this creation of files only at first boot and not again.)

1 Like

https://github.com/Whonix/anon-gw-anonymizer-config/pull/11

1 Like

Whonix 14 repository Tor package was upgraded. Just now uploaded.

user@host:~$ anon-info
INFO: version of the 'tor' package: 0.3.3.7-1~d90.stretch+1

Would %include /etc/torrc.d/*.conf work now? If so, could you make the pull request please?

1 Like

I tried the latest uploaded Tor. No, it doesn’t work.

I’ve been keeping an eye on the ticket and the status is still needs_revision. Jigsaw52 has not been working on it after the review by ahf:


I will keep an eye on it and do a PR whenever the feature is ready.

Note: anon-verify also needs to be changed to simulate the new parsing rule when it’s ready.

1 Like

Debian likes neither:

  • /etc/torrc.d/
  • /usr/local/etc/torrc.d/

Source:
Apparmor profile whitelist /etc/torrc.d/ and /usr/local/etc/torrc.d/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910017

Maybe it will be /etc/tor/torrc.d/ but it’s not yet finally decided.

1 Like

Since this is still not done, I am considering creating a script that runs before Tor which would move any files not ending with *.conf out of the way. It may be possible to start it using a systemd drop-in ExecStartPre.

2 Likes
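
The pre-start cleanup proposed above, sketched as an added example; it is not part of the original post and is not Whonix's own torrc-d-cleaner. With a directory-wide %include, an editor backup or package leftover sitting next to the real files would otherwise be parsed as live Tor configuration. The function name, the quarantine directory and the drop-in path are assumptions.

```shell
#!/bin/sh
# Added example, not the project's code. Hypothetical drop-in that would call it,
# e.g. /etc/systemd/system/tor@default.service.d/40_clean.conf:
#   [Service]
#   ExecStartPre=/usr/local/bin/clean-torrc-d   (wrapper script, assumed)

# clean_torrc_d DIR QUARANTINE
# Moves every regular file in DIR whose name does not end in ".conf" into
# QUARANTINE and prints how many files were moved. Subdirectories are left
# alone; dotfiles are not matched by the glob and stay in place.
clean_torrc_d() {
    dir=$1
    quarantine=$2
    moved=0
    if [ ! -d "$dir" ]; then
        echo 0
        return 0
    fi
    mkdir -p "$quarantine" || return 1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue      # skips subdirectories and an unmatched glob
        case "$f" in
            *.conf) continue ;;      # the only names that should be parsed
        esac
        name=$(basename "$f")
        dest="$quarantine/$name"
        n=1
        while [ -e "$dest" ]; do     # never overwrite an earlier quarantined file
            dest="$quarantine/$name.$n"
            n=$((n + 1))
        done
        mv -- "$f" "$dest" || return 1
        moved=$((moved + 1))
    done
    echo "$moved"
}

# Constructed sample: an editor backup and a dpkg leftover next to a real config.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/torrc.d"
    : > "$tmp/torrc.d/50_user.conf"
    : > "$tmp/torrc.d/50_user.conf~"
    : > "$tmp/torrc.d/95_whonix.conf.dpkg-old"
    clean_torrc_d "$tmp/torrc.d" "$tmp/quarantine"   # prints the moved count
    ls "$tmp/torrc.d"                                # what Tor would still read
    rm -r "$tmp"
}
```

Moving the files aside instead of deleting them keeps anything the user may have saved under an unexpected name recoverable.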

Implemented in git master.

2 Likes

This was implemented in testers repository. In essence:

/etc/tor/torrc :

%include /etc/torrc.d/

/etc/torrc.d/95_whonix.conf :

%include /usr/local/etc/torrc.d/

/usr/local/etc/torrc.d/ folder:

40_tor_control_panel.conf 50_user.conf


2 Likes

https://github.com/Whonix/anon-gw-anonymizer-config/commit/3a6b47c6b9c23fceb4ea4d75b78d88e9f4f8ba4b

https://github.com/Whonix/anon-gw-anonymizer-config/commit/702dc5191fbc85933b576e64105513c983f0b5e1

2 Likes

/etc/torrc.d/*.conf / /usr/local/etc/torrc.d/*.conf support might be causing issues.

If that is the case it can be solved by adding to documentation to manually run torrc-d-cleaner before restarting Tor or perhaps a usability tool which does both (run torrc-d-cleaner + restart Tor).

On top of that anon-verify has a bug and does not show all config files which makes debugging for users harder. I am working on it.

1 Like

anon-verify fixes and torrc.d improvements:

Comparing 40c48fc0414828f48c5ff9465d839458c8b35b25...6c9644c5e2ba88414e76f7f319baba5201b68439 · Whonix/anon-gw-anonymizer-config · GitHub

anon-connection-wizard vs torrc.d fixes:

Comparing 5381f910ad2a669cae65e984c2f7eb05d1267dfd...ae730db23057a8a2bd8588e78f8a88fca61b1d84 · Kicksecure/anon-connection-wizard · GitHub

1 Like

These fixes are now in the testers repository.

1 Like