Information
ID: 785
PHID: PHID-TASK-gx3udxfmpqdboun5frx7
Author: iry
Status at Migration Time: open
Priority at Migration Time: Normal
Description
We want to executing some scripts before starting Tor. For example, script that fix the missing file and directory or script that shows detailed Tor configuration report.
However, a drop-in file in /lib/systemd/system/tor@default.service.d may not work as expected. This is because, before executing the drop-in file, tor@default.service will check the tor configuration. If the --verify-config return non-zero, the tor@default.service will just fail and stop further executing, without giving the drop-in file a chance to fix the problem.
user@host:~$ grep -i “execstartpre” /lib/systemd/system/tor@default.service
ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /var/run/tor
ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config
[[ whonixcheck Whonix 14 ideas - #18 by Patrick | Patrick proposed a workaround that ]]:
we can extend /lib/systemd/system/tor.service with ExecStartPre=… systemd unit file drop-in instead.
[…]
Maybe we shouldn’t tell users to engage with sudo systemctl restart tor@default.service directly but use sudo systemctl restart tor.service instead.
This approach has been used by Qubes:
user@host:~$ ls -l /lib/systemd/system/tor.service.d
total 8
-rw-r--r-- 1 root root 90 Feb 22 11:49 30_qubes.conf
-rw-r--r-- 1 root root 313 Oct 21 2015 40_qubes.conf