Re: [tor-dev] #14995: systemd unit files - review



Hi intrigeri,

thanks for your reply.

> This is being worked on there: https://bugs.debian.org/761403
> (which should be a more appropriate forum to discuss this topic.)

I didn't want to report bugs/feature requests in debian's bts for a
non-debian repo (deb.torproject.org).
This resulted in a situation where tor's trac is apparently not
accepted by the maintainer and debian's bts is not entirely the
correct place(?) either, but with that info I'll just use debian's bts
for similar matters in the future - thanks for suggesting this and the
pointer to the current ticket.

> Please report such bugs:
> 
> * to the Tor project's Trac if they are bugs in 
> contrib/dist/tor.service.in as shipped with tor

I did so in the past but since I don't know any packages actually
using that service file shipped by tor
https://gitweb.torproject.org/tor.git/tree/contrib/dist/tor.service.in
I'll probably just report any bugs/RFEs against the package instead of
tor itself. I hope this makes sense.
(The service file in tor does not say on which distributions it should
work and a generic service file won't make use of the
distribution-specific features.)

> * to the systemd bug tracker if they are bugs in systemd itself


https://bugs.freedesktop.org/show_bug.cgi?id=89875#c2
http://lists.freedesktop.org/archives/systemd-devel/2015-April/031377.html

If anyone is interested in systemd problems I stumble on in the tor
context:
https://github.com/nusenu/ansible-relayor/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+systemd

>> tested with jessie:
>> https://github.com/nusenu/ansible-relayor/blob/master/files/debian_tor%40.service
>
> I get a 404 there.

The file moved to a new location and has become an ansible template
(=dynamically created) instead of a static file to "improve" security
[1]. CapabilityBoundingSet is dynamically built depending on which
capabilities are actually required (related to [2]). This is not
something you will be able to do in a service file that ships with a
package, but you can still copy that service file and simply remove
lines 31 and 36-39 of it [4].

Note: The dynamic service file adjustment I'm using is only a
temporary workaround until [3] gets addressed - which I don't expect
to happen in 2015.

[1]
https://github.com/nusenu/ansible-relayor/commit/cc7530a820fd2b4fd579598f6a16cc31d79e3045
[2] https://lists.torproject.org/pipermail/tor-dev/2015-April/008638.html
[3] https://trac.torproject.org/projects/tor/ticket/15659
[4]
https://github.com/nusenu/ansible-relayor/blob/master/templates/debian_tor%40.service

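Added example, not part of the message above and not the ansible-relayor template: one way to derive a minimal CapabilityBoundingSet line from a torrc, as the message describes doing at deploy time. The function names, the sample torrc text and the rule set (ports below 1024 need CAP_NET_BIND_SERVICE; a torrc `User` line means tor starts as root and needs CAP_SETUID/CAP_SETGID) are assumptions made for this sketch.

```python
import re

# Constructed sample torrc fragments (not taken from the original post).
SAMPLE_LOW = "ORPort 443\nDirPort [::1]:80 NoAdvertise\nUser debian-tor\n"
SAMPLE_HIGH = "# relay on unprivileged ports\nORPort 9001\nDirPort auto\n"

# torrc listener options inspected by this sketch (lower-cased).
PORT_OPTIONS = {"orport", "dirport", "socksport", "dnsport",
                "transport", "controlport"}

def listen_ports(torrc):
    """Yield numeric listener ports; 'auto', 0 and unix: sockets are skipped."""
    for line in torrc.splitlines():
        fields = line.split("#", 1)[0].split()      # drop comments
        if len(fields) < 2 or fields[0].lower() not in PORT_OPTIONS:
            continue
        if fields[1].lower().startswith("unix:"):
            continue
        # Accepts PORT, addr:PORT and [v6addr]:PORT.
        m = re.fullmatch(r"(?:.*:)?(\d+)", fields[1])
        if m and int(m.group(1)) > 0:
            yield int(m.group(1))

def required_capabilities(torrc):
    """Return the sorted capability names this configuration needs."""
    caps = set()
    if any(port < 1024 for port in listen_ports(torrc)):
        caps.add("CAP_NET_BIND_SERVICE")            # privileged port bind
    # Assumption: a 'User' line means tor is started as root and switches
    # user itself, which requires setuid()/setgid().
    if re.search(r"^\s*User\s+\S+", torrc, re.M | re.I):
        caps.update({"CAP_SETUID", "CAP_SETGID"})
    return sorted(caps)

def bounding_set_line(torrc):
    """Render the unit-file line; an empty value means no capabilities."""
    return "CapabilityBoundingSet=" + " ".join(required_capabilities(torrc))

if __name__ == "__main__":
    for name, text in (("low ports", SAMPLE_LOW), ("high ports", SAMPLE_HIGH)):
        print(name, "->", bounding_set_line(text))
```

A relay on unprivileged ports whose unit sets the user itself ends up with an empty bounding set, which is the case a packaged, static service file cannot assume.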