[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor relay/btc node script

To: torelay <torelay@xxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] Tor relay/btc node script
From: Sharif Olorin <sio@xxxxxxxxxx>
Date: Mon, 18 May 2015 06:46:34 +0000
Cc: tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 18 May 2015 02:47:06 -0400
In-reply-to: <D752E962-0AAC-4BD5-AE62-76E17780960C@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <D752E962-0AAC-4BD5-AE62-76E17780960C@xxxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Sup/0.21.0

Hi,

> Please give me any comments criticisms. Appreciated. 

Just a few comments from a quick read through:

 - The code you have to upgrade to jessie (presumably from wheezy) isn't
   very safe (for instance, what if the server needs custom repositories
   in its sources.list which the script wipes out?). In the UNIX
   tradition of doing one thing well, I'd suggest just telling the user
   they need to upgrade first and exiting if they're still on wheezy.
   (Sidenote, you can get this information from /etc/debian_version; you
   don't need to ask the user.)

 - > echo -e "\033[1;33m""If you're on a shared/virtual server you can't set the time
   
   This isn't usually true. For example, KVM provides paravirtualized
   access to the system clock. In either case, running ntpd is best
   practice on the guest always - I'm not sure what the advantage is in
   stopping ntpd, running ntpdate and starting ntpd again.

 - You use sudo in a lot of places, but you also exit at the top if the
   script isn't run as root; it isn't necessary to do both.

 - Related to the above, it's not a good idea to do things like building
   packages (particularly those downloaded from the web) as root; I'd
   recommend having your script run as an unprivileged user and using
   sudo for e.g., invoking apt-get or the final `sudo make install` step.

 - Given that your script is intended for jessie hosts, it'd be nice to
   have bitcoind run under systemd (put a unit file for the bitcoind
   service under /etc/systemd); use of rc.local is definitely
   deprecated. Likewise, using systemd would eliminate the need to set up
   logrotate and would have the added advantage of all daemon logs being in
   the same place (journald).

 - For safety reasons, all complex scripts like this should start with
   `set -e` - that way if a particular command fails the script will
   stop executing, rather than continuing in an inconsistent state and
   possibly breaking something.

HTH,
Sharif

-- 
PGP: 6FB7 ED25 BFCF 3E22 72AE 6E8C 47D4 CE7F 6B9F DF57

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Tor relay/btc node script
  - From: torelay

Prev by Author: Re: [tor-relays] Please enable IPv6 on your relay!
Next by Author: Re: [tor-relays] [warn] Tried to establish rendezvous on non-OR or non-edge circuit.
Previous by thread: [tor-relays] Tor relay/btc node script
Next by thread: [tor-relays] How to use our own TOR relay as entry node for local network hosts
Index(es):
- Author
- Thread