[Tor-BSD] FreeBSD permissions issues

Tim Wilson-Brown - teor teor2345 at gmail.com
Tue Nov 17 19:13:30 EST 2015


> On 18 Nov 2015, at 10:45, George Rosamond <george at ceetonetechnology.com> wrote:
> 
> 
> 
> Pete Wright:
>> 
>> 
>> On 11/17/15 14:41, N.J. Thomas wrote:
>>> * Pete Wright <pete at nomadlogic.org> [2015-11-17 14:23:13-0800]:
>>>>> Has anyone else noticed the same? Am I doing something wrong with my
>>>>> install, or does this need to be fixed?
>>>>> 
>>>> 
>>>> on my end this info is already included in the pkg-message.in file which
>>>> should get printed to stdout when installing the pkg.
>>> 
>>> Ugh, serves me right for ignoring this during installation.
>>> 
>>> I guess my next question is, is this something that can be automated?
>>> Is there any particular reason this is a manual step?
>>> 
>>> 
>> 
>> hrm - this is usually something i offload to my configuration mgmt tool
>> of choice but it got me thinking.  i re-read the porter's handbook for
>> freebsd and sure enough it looks like this could be scripted.  i think
>> if we drop a file named "post-install" in
>> /usr/ports/security/tor-devel/files/ we could script this stuff.  i am
>> thinking this is akin to %post directives in RPM spec files (if you've
>> ever had the misfortune of working with RPMs).
>> 
>> the question though is this something that is frowned upon or not.  i
>> don't see too many instances of post-* scripts in the ports tree, so
>> either this isn't a common requirement or is something that is avoided
>> for other reasons.  would love to have the time to dig into this myself
>> but unfortunately i'm oversubscribed as-is already :/
> 
> I don't think it's frowned on, and it's something that I should have
> submitted as a PR a long time ago.
> 
> IMHO, it should be simple enough to provide "post-install" instructions…

This step will delete any previous keys for a relay, so please don't automate it:

> rm -r /var/db/tor /var/run/tor

When the relay starts up with no keys, it will generate a new key at random.
Any clients using the relay as a guard will then pick another guard.
All the Tor consensus flags on the relay will be reset, and the flags that depend on stability may take a week or so to come back.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
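
A non-destructive alternative to scripting the `rm -r` step, as an added example that is not part of the original message or of the FreeBSD port: it creates the directories when they are missing and sets ownership and mode on them, but never deletes existing contents. The function names, the `_tor` owner, mode 700 and the `keys` subdirectory check are assumptions.

```sh
#!/bin/sh
# Added example: prepare Tor's directories without deleting relay keys.
# Paths are the ones named in the thread; the _tor owner, mode 700 and the
# keys/ subdirectory check are assumptions, not taken from the port.

# ensure_dir DIR OWNER MODE
# Create DIR if missing, then set owner and mode on DIR itself. Nothing
# already inside DIR is removed, so an existing identity key survives.
ensure_dir() {
    dir=$1; owner=$2; mode=$3
    # A symlink or plain file here is unexpected: stop rather than act on it.
    if [ -L "$dir" ] || { [ -e "$dir" ] && [ ! -d "$dir" ]; }; then
        echo "refusing: $dir is not a real directory" >&2
        return 1
    fi
    [ -d "$dir" ] || mkdir -p "$dir" || return 1
    chown "$owner" "$dir" || return 1
    chmod "$mode" "$dir" || return 1
}

# has_keys DIR: succeeds when DIR/keys exists and is not empty.
has_keys() {
    [ -d "$1/keys" ] && [ -n "$(ls -A "$1/keys" 2>/dev/null)" ]
}

# setup_tor_dirs DATA_DIR RUN_DIR OWNER
setup_tor_dirs() {
    data_dir=$1; run_dir=$2; dir_owner=$3
    if has_keys "$data_dir"; then
        echo "keys present in $data_dir/keys: keeping contents" >&2
    fi
    ensure_dir "$data_dir" "$dir_owner" 700 &&
        ensure_dir "$run_dir" "$dir_owner" 700
}

# As root on the relay host (hypothetical invocation):
#   setup_tor_dirs /var/db/tor /var/run/tor _tor
```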
