torrc.d is comming


We should avoid any %include directory for now.



Systemd units running as root is the systemd default. I doubt any of the
units in /lib/systemd/system/ use User=root. So this can be dropped.


All merged, thanks! :slight_smile:

Some commits on top.

WantedBy… Not easy to explain. I learned this mostly by looking at other systemd unit files.

Could you please review my latest additions?


Hi Patrick!

For unknown reason, the latest tor@default.service does not work as expected:

sudo rm -r /usr/local/etc

Expected behavior: systemctl restart tor@default.service will run anon-gw-anonymizer-config.service which will grantee /usr/local/etc/torrc.d and the two files in it.
Actually, anon-gw-anonymizer-config.service will not be run, causing the Tor fail to start due to the missing torrc files. Running systemctl restart anon-gw-anonymizer-config.service manually will works fine though.

I tried to debug it by removing several additional commit but I did not figure out the reason.


Works as expected by me. It only works after boot. (And this is important because that helps our torrc.d implementation also also creating the files in time for first boot and even in Qubes-Whonix.) It is to cover the Whonix specific implementation (which is not simple with Qubes vs persistence of TemplateBased VMs) so we can provide a config file for acw and user-modified-only. I think this is sufficient. (Deleting /usr/local/etc and then rebooting works as well.)

The case that the user deletes files and user restarts Tor is not covered.

  • Are there other systemd unit files where once you restart them, also another systemd unit gets restarted automatically beforehand?
  • Are there any other daemons that file to start if their config file is missing?
  • Are there any other daemons where missing config files in /etc (root required!) will be automagically created if missing?
  • If the user starts deleting files, it’s up to the user to fix?

(We could even do the opposite. Doing this creation of files only at first boot and not again.)



Whonix 14 repository Tor package was upgraded. Just now uploaded.

user@host:~$ anon-info
INFO: version of the 'tor' package:

Would %include /etc/torrc.d/*.conf work now? If so, could you make the pull request please?


I tried the latest uploaded Tor. No, it doesn’t work.

I’ve been keeping an eye on the ticket and the status is still needs_revision. Jigsaw52 has not been working on it after the review by ahf:


I will keep an eye on it and do a PR whenever the feature is ready.

Note: anon-verify also needs to be changed to simulate new parsing rule when it’s ready.


Debian likes neither:

  • /etc/torrc.d/
  • /usr/local/etc/torrc.d/

Apparmor profile whitelist /etc/torrc.d/ and /usr/local/etc/torrc.d/

Maybe it will be /etc/tor/torrc.d/ but it’s not yet finally decided.