* [PATCH] tor: Fix tor permissions if presant via update.sh
@ 2019-06-10 11:36 Erik Kapfer
2019-06-10 14:31 ` Michael Tremer
0 siblings, 1 reply; 9+ messages in thread
From: Erik Kapfer @ 2019-06-10 11:36 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 659 bytes --]
Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
---
config/rootfiles/core/133/update.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/config/rootfiles/core/133/update.sh b/config/rootfiles/core/133/update.sh
index a05ad0741..3ecb5651b 100644
--- a/config/rootfiles/core/133/update.sh
+++ b/config/rootfiles/core/133/update.sh
@@ -71,6 +71,11 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi
/etc/init.d/squid start
/etc/init.d/collectd restart
+# Set new permissions for tor
+if [ -d "/var/lib/tor" ]; then
+ chown -R tor:tor /var/lib/tor
+fi
+
# Finish
/etc/init.d/fireinfo start
sendprofile
--
2.12.2
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] tor: Fix tor permissions if presant via update.sh
2019-06-10 11:36 [PATCH] tor: Fix tor permissions if presant via update.sh Erik Kapfer
@ 2019-06-10 14:31 ` Michael Tremer
2019-06-10 18:12 ` Peter Müller
0 siblings, 1 reply; 9+ messages in thread
From: Michael Tremer @ 2019-06-10 14:31 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 947 bytes --]
Hi,
Thanks for sending in that patch.
But I think instead of doing this in the Core Update, this change should be applied in the tor update scripts.
-Michael
> On 10 Jun 2019, at 12:36, Erik Kapfer <ummeegge(a)ipfire.org> wrote:
>
> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
> ---
> config/rootfiles/core/133/update.sh | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/config/rootfiles/core/133/update.sh b/config/rootfiles/core/133/update.sh
> index a05ad0741..3ecb5651b 100644
> --- a/config/rootfiles/core/133/update.sh
> +++ b/config/rootfiles/core/133/update.sh
> @@ -71,6 +71,11 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi
> /etc/init.d/squid start
> /etc/init.d/collectd restart
>
> +# Set new permissions for tor
> +if [ -d "/var/lib/tor" ]; then
> + chown -R tor:tor /var/lib/tor
> +fi
> +
> # Finish
> /etc/init.d/fireinfo start
> sendprofile
> --
> 2.12.2
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] tor: Fix tor permissions if presant via update.sh
2019-06-10 14:31 ` Michael Tremer
@ 2019-06-10 18:12 ` Peter Müller
2019-06-10 18:36 ` Paul Simmons
2019-06-10 19:10 ` [PATCH] tor: Fix tor permissions if presant via update.sh ummeegge
0 siblings, 2 replies; 9+ messages in thread
From: Peter Müller @ 2019-06-10 18:12 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1499 bytes --]
Hello Michael,
as mentioned in https://bugzilla.ipfire.org/show_bug.cgi?id=12088#c11 ,
the "install.sh" script of the Tor addon contains all required steps.
Since "update.sh" calls "install.sh" at the end of the file, everything
should be fine after an update as well - which is not. However, due to
this, I do not think putting it into "update.sh" makes sense either.
Thanks, and best regards,
Peter Müller
Michael Tremer:
> Hi,
>
> Thanks for sending in that patch.
>
> But I think instead of doing this in the Core Update, this change should be applied in the tor update scripts.
>
> -Michael
>
>> On 10 Jun 2019, at 12:36, Erik Kapfer <ummeegge(a)ipfire.org> wrote:
>>
>> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
>> ---
>> config/rootfiles/core/133/update.sh | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/config/rootfiles/core/133/update.sh b/config/rootfiles/core/133/update.sh
>> index a05ad0741..3ecb5651b 100644
>> --- a/config/rootfiles/core/133/update.sh
>> +++ b/config/rootfiles/core/133/update.sh
>> @@ -71,6 +71,11 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi
>> /etc/init.d/squid start
>> /etc/init.d/collectd restart
>>
>> +# Set new permissions for tor
>> +if [ -d "/var/lib/tor" ]; then
>> + chown -R tor:tor /var/lib/tor
>> +fi
>> +
>> # Finish
>> /etc/init.d/fireinfo start
>> sendprofile
>> --
>> 2.12.2
>>
>
--
The road to Hades is easy to travel.
-- Bion of Borysthenes
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] tor: Fix tor permissions if presant via update.sh
2019-06-10 18:12 ` Peter Müller
@ 2019-06-10 18:36 ` Paul Simmons
2019-06-10 18:51 ` Michael Tremer
2019-06-10 19:10 ` [PATCH] tor: Fix tor permissions if presant via update.sh ummeegge
1 sibling, 1 reply; 9+ messages in thread
From: Paul Simmons @ 2019-06-10 18:36 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1607 bytes --]
On 6/10/19 1:12 PM, Peter Müller wrote:
> Hello Michael,
>
> as mentioned in https://bugzilla.ipfire.org/show_bug.cgi?id=12088#c11 ,
> the "install.sh" script of the Tor addon contains all required steps.
>
> Since "update.sh" calls "install.sh" at the end of the file, everything
> should be fine after an update as well - which is not. However, due to
> this, I do not think putting it into "update.sh" makes sense either.
>
> Thanks, and best regards,
> Peter Müller
>
> Michael Tremer:
>> Hi,
>>
>> Thanks for sending in that patch.
>>
>> But I think instead of doing this in the Core Update, this change should be applied in the tor update scripts.
>>
>> -Michael
>>
>>> On 10 Jun 2019, at 12:36, Erik Kapfer <ummeegge(a)ipfire.org> wrote:
>>>
>>> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
>>> ---
>>> config/rootfiles/core/133/update.sh | 5 +++++
>>> 1 file changed, 5 insertions(+)
>>>
>>> diff --git a/config/rootfiles/core/133/update.sh b/config/rootfiles/core/133/update.sh
>>> index a05ad0741..3ecb5651b 100644
>>> --- a/config/rootfiles/core/133/update.sh
>>> +++ b/config/rootfiles/core/133/update.sh
>>> @@ -71,6 +71,11 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi
>>> /etc/init.d/squid start
>>> /etc/init.d/collectd restart
>>>
>>> +# Set new permissions for tor
>>> +if [ -d "/var/lib/tor" ]; then
>>> + chown -R tor:tor /var/lib/tor
>>> +fi
>>> +
>>> # Finish
>>> /etc/init.d/fireinfo start
>>> sendprofile
>>> --
>>> 2.12.2
>>>
>>
>
Perhaps the restore_backup in install.sh is undoing the ownership?
p.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] tor: Fix tor permissions if presant via update.sh
2019-06-10 18:36 ` Paul Simmons
@ 2019-06-10 18:51 ` Michael Tremer
2019-06-10 19:02 ` [PATCH] Tor: fix permissions after updating, too Peter Müller
0 siblings, 1 reply; 9+ messages in thread
From: Michael Tremer @ 2019-06-10 18:51 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1932 bytes --]
Hi,
Yes that will be it. The backup stores permissions and ownership.
Please move the chown line to after the backup is being restored and you will be fine.
-Michael
> On 10 Jun 2019, at 19:36, Paul Simmons <mbatranch(a)gmail.com> wrote:
>
> On 6/10/19 1:12 PM, Peter Müller wrote:
>> Hello Michael,
>>
>> as mentioned in https://bugzilla.ipfire.org/show_bug.cgi?id=12088#c11 ,
>> the "install.sh" script of the Tor addon contains all required steps.
>>
>> Since "update.sh" calls "install.sh" at the end of the file, everything
>> should be fine after an update as well - which is not. However, due to
>> this, I do not think putting it into "update.sh" makes sense either.
>>
>> Thanks, and best regards,
>> Peter Müller
>>
>> Michael Tremer:
>>> Hi,
>>>
>>> Thanks for sending in that patch.
>>>
>>> But I think instead of doing this in the Core Update, this change should be applied in the tor update scripts.
>>>
>>> -Michael
>>>
>>>> On 10 Jun 2019, at 12:36, Erik Kapfer <ummeegge(a)ipfire.org> wrote:
>>>>
>>>> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
>>>> ---
>>>> config/rootfiles/core/133/update.sh | 5 +++++
>>>> 1 file changed, 5 insertions(+)
>>>>
>>>> diff --git a/config/rootfiles/core/133/update.sh b/config/rootfiles/core/133/update.sh
>>>> index a05ad0741..3ecb5651b 100644
>>>> --- a/config/rootfiles/core/133/update.sh
>>>> +++ b/config/rootfiles/core/133/update.sh
>>>> @@ -71,6 +71,11 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/vpnmain.cgi
>>>> /etc/init.d/squid start
>>>> /etc/init.d/collectd restart
>>>>
>>>> +# Set new permissions for tor
>>>> +if [ -d "/var/lib/tor" ]; then
>>>> + chown -R tor:tor /var/lib/tor
>>>> +fi
>>>> +
>>>> # Finish
>>>> /etc/init.d/fireinfo start
>>>> sendprofile
>>>> --
>>>> 2.12.2
>>>>
>>>
>>
>
> Perhaps the restore_backup in install.sh is undoing the ownership?
>
> p.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH] Tor: fix permissions after updating, too
2019-06-10 18:51 ` Michael Tremer
@ 2019-06-10 19:02 ` Peter Müller
2019-06-12 13:57 ` Peter Müller
0 siblings, 1 reply; 9+ messages in thread
From: Peter Müller @ 2019-06-10 19:02 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1097 bytes --]
Fixes #12088
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reported-by: Erik Kapfer <ummeegge(a)ipfire.org>
---
lfs/tor | 2 +-
src/paks/tor/install.sh | 5 +++--
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/lfs/tor b/lfs/tor
index 1e8c3889d..d918910d4 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tor
-PAK_VER = 39
+PAK_VER = 40
DEPS = "libseccomp"
diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh
index 268bccecd..1659871b6 100644
--- a/src/paks/tor/install.sh
+++ b/src/paks/tor/install.sh
@@ -32,9 +32,10 @@ if ! getent passwd tor; then
useradd -u 119 -g tor -c "Tor daemon user" -d /var/empty -s /bin/false tor
fi
+extract_files
+restore_backup ${NAME}
+
# Adjust some folder permission for new UID/GID
chown -R tor:tor /var/lib/tor /var/ipfire/tor
-extract_files
-restore_backup ${NAME}
start_service --background ${NAME}
--
2.16.4
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] tor: Fix tor permissions if presant via update.sh
2019-06-10 18:12 ` Peter Müller
2019-06-10 18:36 ` Paul Simmons
@ 2019-06-10 19:10 ` ummeegge
1 sibling, 0 replies; 9+ messages in thread
From: ummeegge @ 2019-06-10 19:10 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1826 bytes --]
Hello Michael & Peter,
On Mo, 2019-06-10 at 18:12 +0000, Peter Müller wrote:
> Hello Michael,
>
> as mentioned in https://bugzilla.ipfire.org/show_bug.cgi?id=12088#c11
> ,
> the "install.sh" script of the Tor addon contains all required steps.
>
> Since "update.sh" calls "install.sh" at the end of the file,
> everything
> should be fine after an update as well - which is not. However, due
> to
> this, I do not think putting it into "update.sh" makes sense either.
Thought a little in the same way since there is also an update for tor
whereby tor´s update.sh (includes install.sh then) should be executed.
To stay save i used the core update.sh for this...
Best,
Erik
>
> Thanks, and best regards,
> Peter Müller
>
> Michael Tremer:
> > Hi,
> >
> > Thanks for sending in that patch.
> >
> > But I think instead of doing this in the Core Update, this change
> > should be applied in the tor update scripts.
> >
> > -Michael
> >
> > > On 10 Jun 2019, at 12:36, Erik Kapfer <ummeegge(a)ipfire.org>
> > > wrote:
> > >
> > > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
> > > ---
> > > config/rootfiles/core/133/update.sh | 5 +++++
> > > 1 file changed, 5 insertions(+)
> > >
> > > diff --git a/config/rootfiles/core/133/update.sh
> > > b/config/rootfiles/core/133/update.sh
> > > index a05ad0741..3ecb5651b 100644
> > > --- a/config/rootfiles/core/133/update.sh
> > > +++ b/config/rootfiles/core/133/update.sh
> > > @@ -71,6 +71,11 @@ sudo -u nobody /srv/web/ipfire/cgi-
> > > bin/vpnmain.cgi
> > > /etc/init.d/squid start
> > > /etc/init.d/collectd restart
> > >
> > > +# Set new permissions for tor
> > > +if [ -d "/var/lib/tor" ]; then
> > > + chown -R tor:tor /var/lib/tor
> > > +fi
> > > +
> > > # Finish
> > > /etc/init.d/fireinfo start
> > > sendprofile
> > > --
> > > 2.12.2
> > >
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] Tor: fix permissions after updating, too
2019-06-10 19:02 ` [PATCH] Tor: fix permissions after updating, too Peter Müller
@ 2019-06-12 13:57 ` Peter Müller
2019-06-12 14:12 ` Michael Tremer
0 siblings, 1 reply; 9+ messages in thread
From: Peter Müller @ 2019-06-12 13:57 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1368 bytes --]
Hello,
could somebody please merge this patch _before_ closing Core Update 133?
Thanks, and best regards,
Peter Müller
> Fixes #12088
>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> Reported-by: Erik Kapfer <ummeegge(a)ipfire.org>
> ---
> lfs/tor | 2 +-
> src/paks/tor/install.sh | 5 +++--
> 2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/lfs/tor b/lfs/tor
> index 1e8c3889d..d918910d4 100644
> --- a/lfs/tor
> +++ b/lfs/tor
> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
> DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
> PROG = tor
> -PAK_VER = 39
> +PAK_VER = 40
>
> DEPS = "libseccomp"
>
> diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh
> index 268bccecd..1659871b6 100644
> --- a/src/paks/tor/install.sh
> +++ b/src/paks/tor/install.sh
> @@ -32,9 +32,10 @@ if ! getent passwd tor; then
> useradd -u 119 -g tor -c "Tor daemon user" -d /var/empty -s /bin/false tor
> fi
>
> +extract_files
> +restore_backup ${NAME}
> +
> # Adjust some folder permission for new UID/GID
> chown -R tor:tor /var/lib/tor /var/ipfire/tor
>
> -extract_files
> -restore_backup ${NAME}
> start_service --background ${NAME}
>
--
The road to Hades is easy to travel.
-- Bion of Borysthenes
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] Tor: fix permissions after updating, too
2019-06-12 13:57 ` Peter Müller
@ 2019-06-12 14:12 ` Michael Tremer
0 siblings, 0 replies; 9+ messages in thread
From: Michael Tremer @ 2019-06-12 14:12 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1641 bytes --]
Hi,
err, the update is closed and should be building right now.
But tor is an add-on. So we can build this separately.
-Michael
> On 12 Jun 2019, at 14:57, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> Hello,
>
> could somebody please merge this patch _before_ closing Core Update 133?
>
> Thanks, and best regards,
> Peter Müller
>
>
>> Fixes #12088
>>
>> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
>> Reported-by: Erik Kapfer <ummeegge(a)ipfire.org>
>> ---
>> lfs/tor | 2 +-
>> src/paks/tor/install.sh | 5 +++--
>> 2 files changed, 4 insertions(+), 3 deletions(-)
>>
>> diff --git a/lfs/tor b/lfs/tor
>> index 1e8c3889d..d918910d4 100644
>> --- a/lfs/tor
>> +++ b/lfs/tor
>> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
>> DIR_APP = $(DIR_SRC)/$(THISAPP)
>> TARGET = $(DIR_INFO)/$(THISAPP)
>> PROG = tor
>> -PAK_VER = 39
>> +PAK_VER = 40
>>
>> DEPS = "libseccomp"
>>
>> diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh
>> index 268bccecd..1659871b6 100644
>> --- a/src/paks/tor/install.sh
>> +++ b/src/paks/tor/install.sh
>> @@ -32,9 +32,10 @@ if ! getent passwd tor; then
>> useradd -u 119 -g tor -c "Tor daemon user" -d /var/empty -s /bin/false tor
>> fi
>>
>> +extract_files
>> +restore_backup ${NAME}
>> +
>> # Adjust some folder permission for new UID/GID
>> chown -R tor:tor /var/lib/tor /var/ipfire/tor
>>
>> -extract_files
>> -restore_backup ${NAME}
>> start_service --background ${NAME}
>>
>
> --
> The road to Hades is easy to travel.
> -- Bion of Borysthenes
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2019-06-12 14:12 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-10 11:36 [PATCH] tor: Fix tor permissions if presant via update.sh Erik Kapfer
2019-06-10 14:31 ` Michael Tremer
2019-06-10 18:12 ` Peter Müller
2019-06-10 18:36 ` Paul Simmons
2019-06-10 18:51 ` Michael Tremer
2019-06-10 19:02 ` [PATCH] Tor: fix permissions after updating, too Peter Müller
2019-06-12 13:57 ` Peter Müller
2019-06-12 14:12 ` Michael Tremer
2019-06-10 19:10 ` [PATCH] tor: Fix tor permissions if presant via update.sh ummeegge
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox