Commit 1390e8b1 authored by intrigeri's avatar intrigeri
Browse files

Explicitly use tor@default.service when it's the one we mean.

Tor 0.2.7.x packaging now uses a template systemd unit file,
and the instance we use is called tor@default.service.
parent 44dab98a
......@@ -59,7 +59,12 @@ systemctl --global enable tails-warn-about-disabled-persistence.service
systemctl disable cups.service
systemctl enable cups.socket
# We're starting NetworkManager and Tor ourselves
# We're starting NetworkManager and Tor ourselves.
# We disable tor.service (as opposed to tor@default.service) because
# it's an important goal to never start Tor before the user has had
# a chance to choose to do so in an obfuscated way: if some other
# package enables tor@whatever.service someday, disabling tor.service
# will disable it as well, while disabling tor@default.service would not.
systemctl disable tor.service
systemctl disable NetworkManager.service
systemctl disable NetworkManager-wait-online.service
......@@ -20,7 +20,7 @@ fi
. /usr/local/lib/tails-shell-library/
# It's safest that Tor is not running when messing with its logs.
service tor stop
systemctl stop tor@default.service
# We depend on grepping stuff from the Tor log (especially for
# tordate/, so deleting it seems like a Good Thing(TM).
......@@ -50,7 +50,7 @@ if [ "$(tails_netconf)" = "obstacle" ]; then
# We do not use restart-tor since it validates that bootstraping
# succeeds. That cannot happen until Tor Launcher has started
# (below) and the user is done configuring it.
service tor restart
systemctl restart tor@default.service
# When using a bridge Tor reports TLS cert lifetime errors
# (e.g. when the system clock is way off) with severity "info", but
......@@ -171,7 +171,7 @@ maybe_set_time_from_tor_consensus() {
date -us "${vmid}" 1>/dev/null
# Tor is unreliable with picking a circuit after time change
service tor restart
systemctl restart tor@default.service
tor_cert_valid_after() {
......@@ -231,7 +231,7 @@ else
if is_clock_way_off; then
log "The clock is so badly off that Tor cannot download a consensus. Setting system time to the authority's cert's valid-after date and trying to fetch a consensus again..."
date --set="$(tor_cert_valid_after)" > /dev/null
service tor reload
systemctl reload tor@default.service
Description=Wait for Tor to Have Bootstrapped
......@@ -19,7 +19,7 @@ clear_tor_log() {
service tor restart
systemctl restart tor@default.service
# There are two main points to this script:
# * restarting Tor if bootstrapping stalls for more than 20 seconds
......@@ -43,7 +43,7 @@ maybe_restart_tor() {
elif [ $(expr $(clock_gettime_monotonic) - $last_bootstrap_change) -ge 20 ]; then
log "Tor seems to have stalled while bootstrapping. Restarting Tor."
service tor restart
systemctl restart tor@default.service
return 1
/bin/systemctl --quiet is-active tor.service || exit 1
/bin/systemctl --quiet is-active tor@default.service || exit 1
[ 'inactive' \
= \
$(/bin/systemctl is-active \
......@@ -62,7 +62,7 @@ maybe_restart_tor () {
if ! tor_is_working; then
echo "* Restarting Tor"
if ! service tor status; then
if ! systemctl --quiet is-active tor@default.service; then
error "`gettext \"Failed to restart Tor.\"`"
......@@ -112,8 +112,8 @@ def post_snapshot_restore_hook
# with the other relays, so we ensure that we have fresh circuits.
# Time jumps and incorrect clocks also confuses Tor in many ways.
if $vm.has_network?
if $vm.execute("service tor status").success?
$vm.execute("service tor stop")
if $vm.execute("systemctl --quiet is-active tor@default.service").success?
$vm.execute("systemctl stop tor@default.service")
$vm.execute("rm -f /var/log/tor/log")
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment