[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [arm/master] fix: renaming torrc-override to torrcOverride



commit b05003e808913ec89a206ae9abec7031392e902b
Author: Damian Johnson <atagar@xxxxxxxxxxxxxx>
Date:   Tue Jul 26 19:26:51 2011 -0700

    fix: renaming torrc-override to torrcOverride
    
    Everything else uses camel case so changing to match.
---
 src/resources/torrc-override/override.c  |   50 ------
 src/resources/torrc-override/override.h  |    1 -
 src/resources/torrc-override/override.py |  265 ------------------------------
 src/resources/torrcOverride/override.c   |   50 ++++++
 src/resources/torrcOverride/override.h   |    1 +
 src/resources/torrcOverride/override.py  |  265 ++++++++++++++++++++++++++++++
 6 files changed, 316 insertions(+), 316 deletions(-)

diff --git a/src/resources/torrc-override/override.c b/src/resources/torrc-override/override.c
deleted file mode 100644
index b989584..0000000
--- a/src/resources/torrc-override/override.c
+++ /dev/null
@@ -1,50 +0,0 @@
-//
-// This is a very small C wrapper that invokes
-// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py to work around setuid scripting
-// issues on the Gnu/Linux operating system.
-//
-// We assume you have installed it as such for GROUP
-// "debian-arm" - This should ensure that only members of the GROUP group will
-// be allowed to run this program. When run this program will execute the
-// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py program and will run with the
-// uid and group as marked by the OS.
-//
-// Compile it like so:
-// 
-//  make
-//
-// Or by hand like so:
-//
-//  gcc -o tor-arm-replace-torrc tor-arm-replace-torrc.c
-// 
-// Make it useful like so:
-//
-//  chown root:debian-arm tor-arm-replace-torrc
-//  chmod 04750 tor-arm-replace-torrc
-//
-// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-//
-// If you place a user inside of the $GROUP - they are now able to reconfigure
-// Tor. This may lead them to do nasty things on your system. If you start Tor
-// as root,  you should consider that adding a user to $GROUP is similar to
-// giving those users root directly.
-//
-// This program was written simply to help a users who run arm locally and is
-// not required if arm is communicating with a remote Tor process.
-//
-// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-//
-//
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include "tor-arm-replace-torrc.h"
-
-int main()
-{
-   return execve(TOR_ARM_REPLACE_TORRC, NULL, NULL);
-}
diff --git a/src/resources/torrc-override/override.h b/src/resources/torrc-override/override.h
deleted file mode 100644
index 65adc9d..0000000
--- a/src/resources/torrc-override/override.h
+++ /dev/null
@@ -1 +0,0 @@
-#define TOR_ARM_REPLACE_TORRC HELPER_NAME
diff --git a/src/resources/torrc-override/override.py b/src/resources/torrc-override/override.py
deleted file mode 100755
index 6cfdbc6..0000000
--- a/src/resources/torrc-override/override.py
+++ /dev/null
@@ -1,265 +0,0 @@
-#!/usr/bin/python
-
-"""
-This overwrites the system wide torrc, located at /etc/tor/torrc, with the
-contents of the ARM_CONFIG_FILE. The system wide torrc is owned by root so
-this will effectively need root permissions and for us to be in GROUP.
-
-This file is completely unusable until we make a tor-arm user and perform
-other prep by running with the '--init' argument.
-
-After that's done this is meant to either be used by arm automatically after
-writing a torrc to ARM_CONFIG_FILE or by users manually. For arm to use this
-automatically you'll either need to...
-
-- compile torrc-override.c, setuid on the binary, and move it to your path
-  cd /usr/share/arm/resources/torrc-override
-  make
-  chown root:tor-arm override
-  chmod 04750 override
-  mv override /usr/bin/torrc-override
-
-- allow passwordless sudo for this script
-  edit /etc/sudoers and add a line with:
-  <arm user> ALL= NOPASSWD: /usr/share/arm/resources/torrc-override/override.py
-
-To perform this manually run:
-/usr/share/arm/resources/torrc-override/override.py
-pkill -sighup tor
-"""
-
-import os
-import sys
-import grp
-import pwd
-import time
-import shutil
-import tempfile
-import signal
-
-USER = "tor-arm"
-GROUP = "tor-arm"
-TOR_CONFIG_FILE = "/etc/tor/torrc"
-ARM_CONFIG_FILE = "/var/lib/tor-arm/torrc"
-
-HELP_MSG = """Usage %s [OPTION]
-  Backup the system wide torrc (%s) and replace it with the
-  contents of %s.
-
-  --init    creates the necessary user and paths
-  --remove  reverts changes made with --init
-""" % (os.path.basename(sys.argv[0]), TOR_CONFIG_FILE, ARM_CONFIG_FILE)
-
-def init():
-  """
-  Performs system preparation needed for this script to run, adding the tor-arm
-  user and setting up paths/permissions.
-  """
-  
-  # the following is just here if we have a custom destination directory (which
-  # arm doesn't currently account for)
-  if not os.path.exists("/bin/"):
-    print "making '/bin'..."
-    os.mkdir("/bin")
-  
-  if not os.path.exists("/var/lib/tor-arm/"):
-    print "making '/var/lib/tor-arm'..."
-    os.makedirs("/var/lib/tor-arm")
-  
-  if not os.path.exists("/var/lib/tor-arm/torrc"):
-    print "making '/var/lib/tor-arm/torrc'..."
-    open("/var/lib/tor-arm/torrc", 'w').close()
-  
-  try: gid = grp.getgrnam(GROUP).gr_gid
-  except KeyError:
-    print "adding %s group..." % GROUP
-    os.system("addgroup --quiet --system %s" % GROUP)
-    gid = grp.getgrnam(GROUP).gr_gid
-    print "  done, gid: %s" % gid
-  
-  try: pwd.getpwnam(USER).pw_uid
-  except KeyError:
-    print "adding %s user..." % USER
-    os.system("adduser --quiet --ingroup %s --no-create-home --home /var/lib/tor-arm/ --shell /bin/sh --system %s" % (GROUP, USER))
-    uid = pwd.getpwnam(USER).pw_uid
-    print "  done, uid: %s" % uid
-  
-  os.chown("/bin", 0, 0)
-  os.chown("/var/lib/tor-arm", 0, gid)
-  os.chmod("/var/lib/tor-arm", 0750)
-  os.chown("/var/lib/tor-arm/torrc", 0, gid)
-  os.chmod("/var/lib/tor-arm/torrc", 0760)
-
-def remove():
-  """
-  Reverts the changes made by init, and also removes the optional
-  /bin/torrc-override binary if it exists.
-  """
-  
-  print "removing %s user..." % USER
-  os.system("deluser --quiet %s" % USER)
-  
-  print "removing %s group..." % GROUP
-  os.system("delgroup --quiet %s" % GROUP)
-  
-  # might not exist since this is compiled and placed separately
-  try:
-    print "removing '/bin/torrc-override'..."
-    os.remove("/bin/torrc-override")
-  except OSError:
-    print "  no such path"
-  
-  try:
-    print "removing '/var/lib/tor-arm'..."
-    shutil.rmtree("/var/lib/tor-arm/")
-  except Exception, exc:
-    print "  unsuccessful: %s" % exc
-
-def replaceTorrc():
-  orig_uid = os.getuid()
-  orig_euid = os.geteuid()
-  
-  # the USER and GROUP must exist on this system
-  try:
-    dropped_uid = pwd.getpwnam(USER).pw_uid
-    dropped_gid = grp.getgrnam(GROUP).gr_gid
-    dropped_euid, dropped_egid = dropped_uid, dropped_gid
-  except KeyError:
-    print "tor-arm user and group was not found, have you run this script with '--init'?"
-    exit(1)
-  
-  # if we're actually root, we skip this group check
-  # root can get away with all of this
-  if orig_uid != 0:
-    # check that the user is in GROUP
-    if not dropped_gid in os.getgroups():
-      print "Your user needs to be a member of the %s group for this to work" % GROUP
-      sys.exit(1)
-  
-  # drop to the unprivileged group, and lose the rest of the groups
-  os.setgid(dropped_gid)
-  os.setegid(dropped_egid)
-  os.setresgid(dropped_gid, dropped_egid, dropped_gid)
-  os.setgroups([dropped_gid])
-  
-  # make a tempfile and write out the contents
-  try:
-    tf = tempfile.NamedTemporaryFile(delete=False) # uses mkstemp internally
-    
-    # allows our child process to write to tf.name (not only if their uid matches, not their gid) 
-    os.chown(tf.name, dropped_uid, orig_euid)
-  except:
-    print "We were unable to make a temporary file"
-    sys.exit(1)
-  
-  fork_pid = os.fork()
-  
-  # open the suspect config after we drop privs
-  # we assume the dropped privs are still enough to write to the tf
-  if (fork_pid == 0):
-    signal.signal(signal.SIGCHLD, signal.SIG_IGN)
-    
-    # Drop privs forever in the child process
-    # I believe this drops os.setfsuid os.setfsgid stuff
-    # Clear all other supplemental groups for dropped_uid
-    os.setgroups([dropped_gid])
-    os.setresgid(dropped_gid, dropped_egid, dropped_gid)
-    os.setresuid(dropped_uid, dropped_euid, dropped_uid)
-    os.setgid(dropped_gid)
-    os.setegid(dropped_egid)
-    os.setuid(dropped_uid)
-    os.seteuid(dropped_euid)
-    
-    try:
-      af = open(ARM_CONFIG_FILE) # this is totally unpriv'ed
-      
-      # ensure that the fd we opened has the properties we requrie
-      configStat = os.fstat(af.fileno()) # this happens on the unpriv'ed FD
-      if configStat.st_gid != dropped_gid:
-        print "Arm's configuration file (%s) must be owned by the group %s" % (ARM_CONFIG_FILE, GROUP)
-        sys.exit(1)
-      
-      # if everything checks out, we're as safe as we're going to get
-      armConfig = af.read(1024 * 1024) # limited read but not too limited
-      af.close()
-      tf.file.write(armConfig)
-      tf.flush()
-    except:
-      print "Unable to open the arm config as unpriv'ed user"
-      sys.exit(1)
-    finally:
-      tf.close()
-      sys.exit(0)
-  else:
-    # If we're here, we're in the parent waiting for the child's death
-    # man, unix is really weird...
-    _, status = os.waitpid(fork_pid, 0)
-  
-  if status != 0:
-    print "The child seems to have failed; exiting!"
-    tf.close()
-    sys.exit(1)
-  
-  # attempt to verify that the config is OK
-  if os.path.exists(tf.name):
-    # construct our SU string
-    SUSTRING = "su -c 'tor --verify-config -f " + str(tf.name) + "' " + USER
-    # We raise privs to drop them with 'su'
-    os.setuid(0)
-    os.seteuid(0)
-    os.setgid(0)
-    os.setegid(0)
-    # We drop privs here and exec tor to verify it as the dropped_uid 
-    print "Using Tor to verify that arm will not break Tor's config:"
-    success = os.system(SUSTRING)
-    if success != 0:
-      print "Tor says the new configuration file is invalid: %s (%s)" % (ARM_CONFIG_FILE, tf.name)
-      sys.exit(1)
-  
-  # backup the previous tor config
-  if os.path.exists(TOR_CONFIG_FILE):
-    try:
-      backupFilename = "%s_backup_%i" % (TOR_CONFIG_FILE, int(time.time()))
-      shutil.copy(TOR_CONFIG_FILE, backupFilename)
-    except IOError, exc:
-      print "Unable to backup %s (%s)" % (TOR_CONFIG_FILE, exc)
-      sys.exit(1)
-  
-  # overwrites TOR_CONFIG_FILE with ARM_CONFIG_FILE as loaded into tf.name
-  try:
-    shutil.copy(tf.name, TOR_CONFIG_FILE)
-    print "Successfully reconfigured Tor"
-  except IOError, exc:
-    print "Unable to copy %s to %s (%s)" % (tf.name, TOR_CONFIG_FILE, exc)
-    sys.exit(1)
-  
-  # unlink our temp file
-  try:
-    os.remove(tf.name)
-  except:
-    print "Unable to close temp file %s" % tf.name
-    sys.exit(1)
-  
-  sys.exit(0)
-
-if __name__ == "__main__":
-  # sanity check that we're on linux
-  if os.name != "posix":
-    print "This is a script specifically for configuring Linux"
-    sys.exit(1)
-  
-  # check that we're running effectively as root
-  if os.geteuid() != 0:
-    print "This script needs to be run as root"
-    sys.exit(1)
-  
-  if len(sys.argv) < 2:
-    replaceTorrc()
-  elif len(sys.argv) == 2 and sys.argv[1] == "--init":
-    init()
-  elif len(sys.argv) == 2 and sys.argv[1] == "--remove":
-    remove()
-  else:
-    print HELP_MSG
-    sys.exit(1)
-
diff --git a/src/resources/torrcOverride/override.c b/src/resources/torrcOverride/override.c
new file mode 100644
index 0000000..b989584
--- /dev/null
+++ b/src/resources/torrcOverride/override.c
@@ -0,0 +1,50 @@
+//
+// This is a very small C wrapper that invokes
+// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py to work around setuid scripting
+// issues on the Gnu/Linux operating system.
+//
+// We assume you have installed it as such for GROUP
+// "debian-arm" - This should ensure that only members of the GROUP group will
+// be allowed to run this program. When run this program will execute the
+// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py program and will run with the
+// uid and group as marked by the OS.
+//
+// Compile it like so:
+// 
+//  make
+//
+// Or by hand like so:
+//
+//  gcc -o tor-arm-replace-torrc tor-arm-replace-torrc.c
+// 
+// Make it useful like so:
+//
+//  chown root:debian-arm tor-arm-replace-torrc
+//  chmod 04750 tor-arm-replace-torrc
+//
+// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+//
+// If you place a user inside of the $GROUP - they are now able to reconfigure
+// Tor. This may lead them to do nasty things on your system. If you start Tor
+// as root,  you should consider that adding a user to $GROUP is similar to
+// giving those users root directly.
+//
+// This program was written simply to help a users who run arm locally and is
+// not required if arm is communicating with a remote Tor process.
+//
+// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+//
+//
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include "tor-arm-replace-torrc.h"
+
+int main()
+{
+   return execve(TOR_ARM_REPLACE_TORRC, NULL, NULL);
+}
diff --git a/src/resources/torrcOverride/override.h b/src/resources/torrcOverride/override.h
new file mode 100644
index 0000000..65adc9d
--- /dev/null
+++ b/src/resources/torrcOverride/override.h
@@ -0,0 +1 @@
+#define TOR_ARM_REPLACE_TORRC HELPER_NAME
diff --git a/src/resources/torrcOverride/override.py b/src/resources/torrcOverride/override.py
new file mode 100755
index 0000000..3e42892
--- /dev/null
+++ b/src/resources/torrcOverride/override.py
@@ -0,0 +1,265 @@
+#!/usr/bin/python
+
+"""
+This overwrites the system wide torrc, located at /etc/tor/torrc, with the
+contents of the ARM_CONFIG_FILE. The system wide torrc is owned by root so
+this will effectively need root permissions and for us to be in GROUP.
+
+This file is completely unusable until we make a tor-arm user and perform
+other prep by running with the '--init' argument.
+
+After that's done this is meant to either be used by arm automatically after
+writing a torrc to ARM_CONFIG_FILE or by users manually. For arm to use this
+automatically you'll either need to...
+
+- compile override.c, setuid on the binary, and move it to your path
+  cd /usr/share/arm/resources/torrcOverride
+  make
+  chown root:tor-arm override
+  chmod 04750 override
+  mv override /usr/bin/torrc-override
+
+- allow passwordless sudo for this script
+  edit /etc/sudoers and add a line with:
+  <arm user> ALL= NOPASSWD: /usr/share/arm/resources/torrcOverride/override.py
+
+To perform this manually run:
+/usr/share/arm/resources/torrcOverride/override.py
+pkill -sighup tor
+"""
+
+import os
+import sys
+import grp
+import pwd
+import time
+import shutil
+import tempfile
+import signal
+
+USER = "tor-arm"
+GROUP = "tor-arm"
+TOR_CONFIG_FILE = "/etc/tor/torrc"
+ARM_CONFIG_FILE = "/var/lib/tor-arm/torrc"
+
+HELP_MSG = """Usage %s [OPTION]
+  Backup the system wide torrc (%s) and replace it with the
+  contents of %s.
+
+  --init    creates the necessary user and paths
+  --remove  reverts changes made with --init
+""" % (os.path.basename(sys.argv[0]), TOR_CONFIG_FILE, ARM_CONFIG_FILE)
+
+def init():
+  """
+  Performs system preparation needed for this script to run, adding the tor-arm
+  user and setting up paths/permissions.
+  """
+  
+  # the following is just here if we have a custom destination directory (which
+  # arm doesn't currently account for)
+  if not os.path.exists("/bin/"):
+    print "making '/bin'..."
+    os.mkdir("/bin")
+  
+  if not os.path.exists("/var/lib/tor-arm/"):
+    print "making '/var/lib/tor-arm'..."
+    os.makedirs("/var/lib/tor-arm")
+  
+  if not os.path.exists("/var/lib/tor-arm/torrc"):
+    print "making '/var/lib/tor-arm/torrc'..."
+    open("/var/lib/tor-arm/torrc", 'w').close()
+  
+  try: gid = grp.getgrnam(GROUP).gr_gid
+  except KeyError:
+    print "adding %s group..." % GROUP
+    os.system("addgroup --quiet --system %s" % GROUP)
+    gid = grp.getgrnam(GROUP).gr_gid
+    print "  done, gid: %s" % gid
+  
+  try: pwd.getpwnam(USER).pw_uid
+  except KeyError:
+    print "adding %s user..." % USER
+    os.system("adduser --quiet --ingroup %s --no-create-home --home /var/lib/tor-arm/ --shell /bin/sh --system %s" % (GROUP, USER))
+    uid = pwd.getpwnam(USER).pw_uid
+    print "  done, uid: %s" % uid
+  
+  os.chown("/bin", 0, 0)
+  os.chown("/var/lib/tor-arm", 0, gid)
+  os.chmod("/var/lib/tor-arm", 0750)
+  os.chown("/var/lib/tor-arm/torrc", 0, gid)
+  os.chmod("/var/lib/tor-arm/torrc", 0760)
+
+def remove():
+  """
+  Reverts the changes made by init, and also removes the optional
+  /bin/torrc-override binary if it exists.
+  """
+  
+  print "removing %s user..." % USER
+  os.system("deluser --quiet %s" % USER)
+  
+  print "removing %s group..." % GROUP
+  os.system("delgroup --quiet %s" % GROUP)
+  
+  # might not exist since this is compiled and placed separately
+  try:
+    print "removing '/bin/torrc-override'..."
+    os.remove("/bin/torrc-override")
+  except OSError:
+    print "  no such path"
+  
+  try:
+    print "removing '/var/lib/tor-arm'..."
+    shutil.rmtree("/var/lib/tor-arm/")
+  except Exception, exc:
+    print "  unsuccessful: %s" % exc
+
+def replaceTorrc():
+  orig_uid = os.getuid()
+  orig_euid = os.geteuid()
+  
+  # the USER and GROUP must exist on this system
+  try:
+    dropped_uid = pwd.getpwnam(USER).pw_uid
+    dropped_gid = grp.getgrnam(GROUP).gr_gid
+    dropped_euid, dropped_egid = dropped_uid, dropped_gid
+  except KeyError:
+    print "tor-arm user and group was not found, have you run this script with '--init'?"
+    exit(1)
+  
+  # if we're actually root, we skip this group check
+  # root can get away with all of this
+  if orig_uid != 0:
+    # check that the user is in GROUP
+    if not dropped_gid in os.getgroups():
+      print "Your user needs to be a member of the %s group for this to work" % GROUP
+      sys.exit(1)
+  
+  # drop to the unprivileged group, and lose the rest of the groups
+  os.setgid(dropped_gid)
+  os.setegid(dropped_egid)
+  os.setresgid(dropped_gid, dropped_egid, dropped_gid)
+  os.setgroups([dropped_gid])
+  
+  # make a tempfile and write out the contents
+  try:
+    tf = tempfile.NamedTemporaryFile(delete=False) # uses mkstemp internally
+    
+    # allows our child process to write to tf.name (not only if their uid matches, not their gid) 
+    os.chown(tf.name, dropped_uid, orig_euid)
+  except:
+    print "We were unable to make a temporary file"
+    sys.exit(1)
+  
+  fork_pid = os.fork()
+  
+  # open the suspect config after we drop privs
+  # we assume the dropped privs are still enough to write to the tf
+  if (fork_pid == 0):
+    signal.signal(signal.SIGCHLD, signal.SIG_IGN)
+    
+    # Drop privs forever in the child process
+    # I believe this drops os.setfsuid os.setfsgid stuff
+    # Clear all other supplemental groups for dropped_uid
+    os.setgroups([dropped_gid])
+    os.setresgid(dropped_gid, dropped_egid, dropped_gid)
+    os.setresuid(dropped_uid, dropped_euid, dropped_uid)
+    os.setgid(dropped_gid)
+    os.setegid(dropped_egid)
+    os.setuid(dropped_uid)
+    os.seteuid(dropped_euid)
+    
+    try:
+      af = open(ARM_CONFIG_FILE) # this is totally unpriv'ed
+      
+      # ensure that the fd we opened has the properties we requrie
+      configStat = os.fstat(af.fileno()) # this happens on the unpriv'ed FD
+      if configStat.st_gid != dropped_gid:
+        print "Arm's configuration file (%s) must be owned by the group %s" % (ARM_CONFIG_FILE, GROUP)
+        sys.exit(1)
+      
+      # if everything checks out, we're as safe as we're going to get
+      armConfig = af.read(1024 * 1024) # limited read but not too limited
+      af.close()
+      tf.file.write(armConfig)
+      tf.flush()
+    except:
+      print "Unable to open the arm config as unpriv'ed user"
+      sys.exit(1)
+    finally:
+      tf.close()
+      sys.exit(0)
+  else:
+    # If we're here, we're in the parent waiting for the child's death
+    # man, unix is really weird...
+    _, status = os.waitpid(fork_pid, 0)
+  
+  if status != 0:
+    print "The child seems to have failed; exiting!"
+    tf.close()
+    sys.exit(1)
+  
+  # attempt to verify that the config is OK
+  if os.path.exists(tf.name):
+    # construct our SU string
+    SUSTRING = "su -c 'tor --verify-config -f " + str(tf.name) + "' " + USER
+    # We raise privs to drop them with 'su'
+    os.setuid(0)
+    os.seteuid(0)
+    os.setgid(0)
+    os.setegid(0)
+    # We drop privs here and exec tor to verify it as the dropped_uid 
+    print "Using Tor to verify that arm will not break Tor's config:"
+    success = os.system(SUSTRING)
+    if success != 0:
+      print "Tor says the new configuration file is invalid: %s (%s)" % (ARM_CONFIG_FILE, tf.name)
+      sys.exit(1)
+  
+  # backup the previous tor config
+  if os.path.exists(TOR_CONFIG_FILE):
+    try:
+      backupFilename = "%s_backup_%i" % (TOR_CONFIG_FILE, int(time.time()))
+      shutil.copy(TOR_CONFIG_FILE, backupFilename)
+    except IOError, exc:
+      print "Unable to backup %s (%s)" % (TOR_CONFIG_FILE, exc)
+      sys.exit(1)
+  
+  # overwrites TOR_CONFIG_FILE with ARM_CONFIG_FILE as loaded into tf.name
+  try:
+    shutil.copy(tf.name, TOR_CONFIG_FILE)
+    print "Successfully reconfigured Tor"
+  except IOError, exc:
+    print "Unable to copy %s to %s (%s)" % (tf.name, TOR_CONFIG_FILE, exc)
+    sys.exit(1)
+  
+  # unlink our temp file
+  try:
+    os.remove(tf.name)
+  except:
+    print "Unable to close temp file %s" % tf.name
+    sys.exit(1)
+  
+  sys.exit(0)
+
+if __name__ == "__main__":
+  # sanity check that we're on linux
+  if os.name != "posix":
+    print "This is a script specifically for configuring Linux"
+    sys.exit(1)
+  
+  # check that we're running effectively as root
+  if os.geteuid() != 0:
+    print "This script needs to be run as root"
+    sys.exit(1)
+  
+  if len(sys.argv) < 2:
+    replaceTorrc()
+  elif len(sys.argv) == 2 and sys.argv[1] == "--init":
+    init()
+  elif len(sys.argv) == 2 and sys.argv[1] == "--remove":
+    remove()
+  else:
+    print HELP_MSG
+    sys.exit(1)
+



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits