[Tor-BSD] FreeBSD permissions issues

George Rosamond george at ceetonetechnology.com
Tue Nov 17 19:16:13 EST 2015



Tim Wilson-Brown - teor:
> 
>> On 18 Nov 2015, at 10:45, George Rosamond
>> <george at ceetonetechnology.com> wrote:
>> 
>> 
>> 
>> Pete Wright:
>>> 
>>> 
>>> On 11/17/15 14:41, N.J. Thomas wrote:
>>>> * Pete Wright <pete at nomadlogic.org> [2015-11-17
>>>> 14:23:13-0800]:
>>>>>> Has anyone else noticed the same? Am I doing something
>>>>>> wrong with my install, or does this need to be fixed?
>>>>>> 
>>>>> 
>>>>> on my end this info is already included in the pkg-message.in
>>>>> file which should get printed to stdout when installing the
>>>>> pkg.
>>>> 
>>>> Ugh, serves me right for ignoring this during installation.
>>>> 
>>>> I guess my next question is, is this something that can be
>>>> automated? Is there any particular reason this is a manual
>>>> step?
>>>> 
>>>> 
>>> 
>>> hrm - this is usually something i offload to my configuration
>>> mgmt tool of choice but it got me thinking.  i re-read the
>>> porter's handbook for freebsd and sure enough it looks like this
>>> could be scripted.  i think if we drop a file named
>>> "post-install" in /usr/ports/security/tor-devel/files/ we could
>>> script this stuff.  i am thinking this is akin to %post
>>> directives in RPM spec files (if you've ever had the misfortune
>>> of working with RPMs).
>>> 
>>> the question though is this something that is frowned upon or
>>> not.  i don't see too many instances of post-* scripts in the
>>> ports tree, so either this isn't a common requirement or is
>>> something that is avoided for other reasons.  would love to have
>>> the time to dig into this myself but unfortunately i'm
>>> oversubscribed as-is already :/
>> 
>> I don't think it's frowned on, and it's something that I should
>> have submitted as a PR a long time ago.
>> 
>> IMHO, it should be simple enough to provide "post-install"
>> instructions…
> 
> This step will delete any previous keys for a relay, so please don't
> automate it:
> 
>> rm -r /var/db/tor /var/run/tor
> 
> When the relay starts up with no keys, it will generate a new key at
> random. Any clients using the relay as a guard will then pick another
> guard. All the Tor consensus flags on the relay will be reset, and
> the flags that depend on stability may take a week or so to come
> back.

Yes.  Very true.  I thought we were just referring to the creation and
setting permissions for the tor log file?

g
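
Added example, not part of the original thread and not the port's own script: a non-destructive setup step of the kind discussed above, which creates missing paths and the log file but never removes an existing /var/db/tor, so relay keys survive. The log path /var/log/tor, the 0700/0600 modes, the ROOT prefix argument and the TOR_OWNER variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prepare Tor state paths without deleting anything.
# Assumed (not from the thread): log path var/log/tor, modes 0700/0600,
# the ROOT prefix argument and the TOR_OWNER variable.

# prepare_tor_paths ROOT
#   ROOT is a path prefix: "" on a live system, a scratch dir when testing.
#   Existing content under var/db/tor (relay keys) is left untouched.
prepare_tor_paths() {
    root=$1
    for d in "$root/var/db/tor" "$root/var/run/tor"; do
        # A symlink here could redirect chmod/chown to another location.
        if [ -L "$d" ]; then
            echo "refusing: $d is a symlink" >&2
            return 1
        fi
        [ -d "$d" ] || mkdir -p "$d" || return 1
        chmod 700 "$d" || return 1
    done

    log="$root/var/log/tor"
    if [ -L "$log" ] || [ -d "$log" ]; then
        echo "refusing: $log is not a regular file" >&2
        return 1
    fi
    if [ ! -e "$log" ]; then
        mkdir -p "$root/var/log" || return 1
        # Create the file with a tight umask so it is never world-readable.
        ( umask 077 && : > "$log" ) || return 1
    fi
    chmod 600 "$log" || return 1

    # Change ownership only when running as root and an owner was supplied.
    if [ -n "${TOR_OWNER:-}" ] && [ "$(id -u)" -eq 0 ]; then
        chown "$TOR_OWNER" "$root/var/db/tor" "$root/var/run/tor" "$log" \
            || return 1
    fi
    return 0
}
```

Running it a second time changes nothing, which is what makes it safe to call from an install hook on upgrades as well as first installs.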


