[Tor-BSD] FreeBSD permissions issues
George Rosamond
george at ceetonetechnology.com
Tue Nov 17 19:16:13 EST 2015
Tim Wilson-Brown - teor:
>
>> On 18 Nov 2015, at 10:45, George Rosamond
>> <george at ceetonetechnology.com> wrote:
>>
>>
>>
>> Pete Wright:
>>>
>>>
>>> On 11/17/15 14:41, N.J. Thomas wrote:
>>>> * Pete Wright <pete at nomadlogic.org> [2015-11-17
>>>> 14:23:13-0800]:
>>>>>> Has anyone else noticed the same? Am I doing something
>>>>>> wrong with my install, or does this need to be fixed?
>>>>>>
>>>>>
>>>>> on my end this info is already included in the pkg-message.in
>>>>> file which should get printed to stdout when installing the
>>>>> pkg.
>>>>
>>>> Ugh, serves me right for ignoring this during installation.
>>>>
>>>> I guess my next question is, is this something that can be
>>>> automated? Is there any particular reason this is a manual
>>>> step?
>>>>
>>>>
>>>
>>> hrm - this is usually something i offload to my configuration
>>> mgmt tool of choice but it got me thinking. i re-read the
>>> porter's handbook for freebsd and sure enough it looks like this
>>> could be scripted. i think if we drop a file named
>>> "post-install" in /usr/ports/security/tor-devel/files/ we could
>>> script this stuff. i am thinking this is akin to %post
>>> directives in RPM spec files (if you've ever had the misfortune
>>> of working with RPM's).
>>>
>>> the question though is whether this is something that is frowned upon or
>>> not. i don't see too many instances of post-* scripts in the
>>> ports tree, so either this isn't a common requirement or is
>>> something that is avoided for other reasons. would love to have
>>> the time to dig into this myself but unfortunately i'm
>>> oversubscribed as-is already :/
>>
>> I don't think it's frowned on, and it's something that I should
>> have submitted as a PR a long time ago.
>>
>> IMHO, it should be simple enough to provide "post-install"
>> instructions…
>
> This step will delete any previous keys for a relay, so please don't
> automate it:
>
>> rm -r /var/db/tor /var/run/tor
>
> When the relay starts up with no keys, it will generate a new key at
> random. Any clients using the relay as a guard will then pick another
> guard. All the Tor consensus flags on the relay will be reset, and
> the flags that depend on stability may take a week or so to come
> back.
Yes. Very true. I thought we were just referring to the creation and
setting permissions for the tor log file?
g
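
Added example, not part of the original message or the FreeBSD port: a sketch of a post-install step that creates the directories and log file named in the thread only when they are missing, so an existing relay's keys are never removed. The log path `/var/log/tor`, the `_tor:_tor` owner, the 700/600 modes and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or the port). Assumptions: log path
# /var/log/tor, modes 700/600, relay keys kept under <data dir>/keys.

# prepare_tor_paths ROOT [OWNER]
#   ROOT  : path prefix ("" for the live system, a scratch dir for testing)
#   OWNER : user:group for chown, e.g. _tor:_tor (assumed); empty skips chown
prepare_tor_paths() {
    root="$1"
    owner="${2:-}"
    datadir="$root/var/db/tor"
    rundir="$root/var/run/tor"
    logfile="$root/var/log/tor"

    # Create directories only when absent. There is deliberately no rm:
    # an existing data directory holds the relay's identity keys.
    for d in "$datadir" "$rundir"; do
        if [ ! -d "$d" ]; then
            mkdir -p "$d" || return 1
            chmod 700 "$d" || return 1
        fi
    done

    # Create the log file without truncating one that already exists.
    mkdir -p "$(dirname "$logfile")" || return 1
    if [ ! -e "$logfile" ]; then
        : > "$logfile" || return 1
    fi
    chmod 600 "$logfile" || return 1

    if [ -n "$owner" ]; then
        chown "$owner" "$datadir" "$rundir" "$logfile" || return 1
    fi
    return 0
}

# relay_keys_present ROOT: succeeds if the data directory already holds keys.
relay_keys_present() {
    [ -d "$1/var/db/tor/keys" ] &&
        [ -n "$(ls -A "$1/var/db/tor/keys" 2>/dev/null)" ]
}
```

On a live system this would be called as `prepare_tor_paths "" _tor:_tor` with root privileges.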