aboutsummaryrefslogtreecommitdiffstats
path: root/community/tor/tor.initd
diff options
context:
space:
mode:
authorJakub Jirutka <jakub@jirutka.cz>2016-08-31 15:52:12 +0200
committerJakub Jirutka <jakub@jirutka.cz>2016-08-31 15:54:35 +0200
commite76de920d4538eeaed3c6d914e1f6016ee30e208 (patch)
tree1a43aa2a29762a9a5688bc26f92662c141b89044 /community/tor/tor.initd
parent06d0775371a659d4fc202c06e5d1b9ff1a14f1a2 (diff)
downloadaports-e76de920d4538eeaed3c6d914e1f6016ee30e208.tar.gz
aports-e76de920d4538eeaed3c6d914e1f6016ee30e208.tar.bz2
aports-e76de920d4538eeaed3c6d914e1f6016ee30e208.tar.xz
community/tor: fix runscript - issues with User and DataDirectory options
Diffstat (limited to 'community/tor/tor.initd')
-rw-r--r--community/tor/tor.initd58
1 files changed, 41 insertions, 17 deletions
diff --git a/community/tor/tor.initd b/community/tor/tor.initd
index 99ec8ae853..db8b2cff81 100644
--- a/community/tor/tor.initd
+++ b/community/tor/tor.initd
@@ -1,27 +1,23 @@
#!/sbin/openrc-run
-conffile="/etc/tor/torrc"
-pidfile="/run/tor/tor.pid"
-user="${user:-tor}"
-graceful_timeout="${GRACEFUL_TIMEOUT:-60}"
+: ${conffile:="/etc/tor/torrc"}
+: ${user:="tor"}
+: ${graceful_timeout:="${GRACEFUL_TIMEOUT:-60}"}
command="/usr/bin/tor"
-command_args="-f $conffile"
+command_args="-f $conffile --runasdaemon 0"
command_background="yes"
-start_stop_daemon_args="
- --user $user
- --chdir /var/lib/tor
- --env HOME=/var/lib/tor"
+start_stop_daemon_args="--chdir /var/lib/tor"
+pidfile="/run/tor/tor.pid"
-# See bug #523552, and https://trac.torproject.org/projects/tor/ticket/5525
-# Graceful = wait 30 secs or so until all connections are properly closed.
extra_commands="checkconfig"
-extra_started_commands="graceful gracefulstop reload"
+extra_started_commands="gracefulstop reload"
description="Anonymizing overlay network for TCP"
description_checkconfig="Check if config file is valid."
description_reload="Reload the configuration."
-description_gracefulstop="Gracefully stop."
+# See bug #523552, and https://trac.torproject.org/projects/tor/ticket/5525
+description_gracefulstop="Gracefully stop (wait $gracefulstop until all connections are properly closed)."
depend() {
@@ -36,15 +32,35 @@ checkconfig() {
fi
# Now verify whether the configuration is valid.
- if ! $command --verify-config -f "$conffile" 2>&1 1>/dev/null; then
- eerror "Tor configuration (${conffile}) not valid"
- $command --verify-config -f "$conffile"
- return 1
+ # If User directive is set in $conffile, then we must run tor as root,
+ # even --verify-config, otherwise it fails when verifying permissions
+ # of DataDirectory.
+ if conf_has User; then
+ local user="root"
fi
+ local out
+ out="$(su -s /bin/sh -c "$command $command_args --verify-config" $user 2>&1)" || {
+ eerror "Tor configuration $conffile is not valid"
+ printf '%s\n' "$out"
+ return 1
+ }
}
start_pre() {
checkconfig || return 1
+
+ # If User directive is set in $conffile, start tor as root and let it
+ # drop privileges itself (may be needed e.g. to bind to a privileged
+ # port). Otherwise run tor as $user (recommended).
+ if conf_has User; then
+ local user="$(conf_get User)"
+ else
+ start_stop_daemon_args="$start_stop_daemon_args --user $user"
+ fi
+
+ if conf_has DataDirectory; then
+ checkpath -d -m 0700 -o "$user" "$(conf_get DataDirectory)"
+ fi
checkpath -d -m 0755 -o "$user" "$(dirname "$pidfile")"
}
@@ -66,3 +82,11 @@ reload() {
start-stop-daemon --signal HUP --pidfile "$pidfile"
eend $?
}
+
+conf_get() {
+ sed -n "s/^\s*$1 \([^#]*\)/\1/p" "$conffile"
+}
+
+conf_has() {
+ grep -q "^\s*$1 " "$conffile"
+}