Commit 1390e8b1 authored by intrigeri's avatar intrigeri

Explicitly use tor@default.service when it's the one we mean.

Tor 0.2.7.x packaging now uses a template systemd unit file,
and the instance we use is called tor@default.service.
parent 44dab98a
...@@ -59,7 +59,12 @@ systemctl --global enable tails-warn-about-disabled-persistence.service ...@@ -59,7 +59,12 @@ systemctl --global enable tails-warn-about-disabled-persistence.service
systemctl disable cups.service systemctl disable cups.service
systemctl enable cups.socket systemctl enable cups.socket
# We're starting NetworkManager and Tor ourselves # We're starting NetworkManager and Tor ourselves.
# We disable tor.service (as opposed to tor@default.service) because
# it's an important goal to never start Tor before the user has had
# a chance to choose to do so in an obfuscated way: if some other
# package enables tor@whatever.service someday, disabling tor.service
# will disable it as well, while disabling tor@default.service would not.
systemctl disable tor.service systemctl disable tor.service
systemctl disable NetworkManager.service systemctl disable NetworkManager.service
systemctl disable NetworkManager-wait-online.service systemctl disable NetworkManager-wait-online.service
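Review bot: The comment added above `systemctl disable tor.service` records a safety goal (Tor must never start before the user has chosen how to connect), but nothing visible here verifies it. `systemctl disable` only removes enablement links. Whether that also keeps every `tor@*.service` instance from starting at boot depends on the Debian unit files, which this page does not show and which a later packaging update could change. A test-suite step asserting that `systemctl --quiet is-active tor@default.service` fails until the user has made that choice would catch such a regression. The phrase "choose to do so in an obfuscated way" is also ambiguous; presumably it means something like `# a chance to ask for an obfuscated connection: if some other`.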
......
...@@ -20,7 +20,7 @@ fi ...@@ -20,7 +20,7 @@ fi
. /usr/local/lib/tails-shell-library/tails-greeter.sh . /usr/local/lib/tails-shell-library/tails-greeter.sh
# It's safest that Tor is not running when messing with its logs. # It's safest that Tor is not running when messing with its logs.
service tor stop systemctl stop tor@default.service
# We depend on grepping stuff from the Tor log (especially for # We depend on grepping stuff from the Tor log (especially for
# tordate/20-time.sh), so deleting it seems like a Good Thing(TM). # tordate/20-time.sh), so deleting it seems like a Good Thing(TM).
...@@ -50,7 +50,7 @@ if [ "$(tails_netconf)" = "obstacle" ]; then ...@@ -50,7 +50,7 @@ if [ "$(tails_netconf)" = "obstacle" ]; then
# We do not use restart-tor since it validates that bootstraping # We do not use restart-tor since it validates that bootstraping
# succeeds. That cannot happen until Tor Launcher has started # succeeds. That cannot happen until Tor Launcher has started
# (below) and the user is done configuring it. # (below) and the user is done configuring it.
service tor restart systemctl restart tor@default.service
# When using a bridge Tor reports TLS cert lifetime errors # When using a bridge Tor reports TLS cert lifetime errors
# (e.g. when the system clock is way off) with severity "info", but # (e.g. when the system clock is way off) with severity "info", but
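Review bot: The literal `tor@default.service` is now repeated at every call site: the `stop` and `restart` lines here, and again in the time-sync hunks, the bootstrap watchdog, the `is-active` check script, `maybe_restart_tor` and the Ruby snapshot hook. The next packaging rename will need the same sweep, and a missed site would only fail at run time. This script already sources `/usr/local/lib/tails-shell-library/tails-greeter.sh`, so the shell library could define the name once, e.g. `TOR_SERVICE=tor@default.service`, with call sites written as `systemctl restart "${TOR_SERVICE}"`. Separately, the comment says the log handling is only safe with Tor stopped, yet the visible lines do not check the exit status of the `stop`. If the script does not run under `set -e` (not visible in this hunk), `systemctl stop tor@default.service || exit 1` would make that dependency explicit.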
......
...@@ -171,7 +171,7 @@ maybe_set_time_from_tor_consensus() { ...@@ -171,7 +171,7 @@ maybe_set_time_from_tor_consensus() {
date -us "${vmid}" 1>/dev/null date -us "${vmid}" 1>/dev/null
# Tor is unreliable with picking a circuit after time change # Tor is unreliable with picking a circuit after time change
service tor restart systemctl restart tor@default.service
} }
tor_cert_valid_after() { tor_cert_valid_after() {
...@@ -231,7 +231,7 @@ else ...@@ -231,7 +231,7 @@ else
if is_clock_way_off; then if is_clock_way_off; then
log "The clock is so badly off that Tor cannot download a consensus. Setting system time to the authority's cert's valid-after date and trying to fetch a consensus again..." log "The clock is so badly off that Tor cannot download a consensus. Setting system time to the authority's cert's valid-after date and trying to fetch a consensus again..."
date --set="$(tor_cert_valid_after)" > /dev/null date --set="$(tor_cert_valid_after)" > /dev/null
service tor reload systemctl reload tor@default.service
fi fi
wait_for_tor_consensus wait_for_tor_consensus
maybe_set_time_from_tor_consensus maybe_set_time_from_tor_consensus
......
[Unit] [Unit]
Description=Wait for Tor to Have Bootstrapped Description=Wait for Tor to Have Bootstrapped
Documentation=https://tails.boum.org/contribute/design/ Documentation=https://tails.boum.org/contribute/design/
After=tor.service After=tor@default.service
[Service] [Service]
Type=oneshot Type=oneshot
......
...@@ -19,7 +19,7 @@ clear_tor_log() { ...@@ -19,7 +19,7 @@ clear_tor_log() {
} }
clear_tor_log clear_tor_log
service tor restart systemctl restart tor@default.service
# There are two main points to this script: # There are two main points to this script:
# * restarting Tor if bootstrapping stalls for more than 20 seconds # * restarting Tor if bootstrapping stalls for more than 20 seconds
...@@ -43,7 +43,7 @@ maybe_restart_tor() { ...@@ -43,7 +43,7 @@ maybe_restart_tor() {
elif [ $(expr $(clock_gettime_monotonic) - $last_bootstrap_change) -ge 20 ]; then elif [ $(expr $(clock_gettime_monotonic) - $last_bootstrap_change) -ge 20 ]; then
log "Tor seems to have stalled while bootstrapping. Restarting Tor." log "Tor seems to have stalled while bootstrapping. Restarting Tor."
clear_tor_log clear_tor_log
service tor restart systemctl restart tor@default.service
bootstrap_progress=0 bootstrap_progress=0
last_bootstrap_change=$(clock_gettime_monotonic) last_bootstrap_change=$(clock_gettime_monotonic)
return 1 return 1
......
#!/bin/sh #!/bin/sh
/bin/systemctl --quiet is-active tor.service || exit 1 /bin/systemctl --quiet is-active tor@default.service || exit 1
[ 'inactive' \ [ 'inactive' \
= \ = \
$(/bin/systemctl is-active \ $(/bin/systemctl is-active \
......
...@@ -62,7 +62,7 @@ maybe_restart_tor () { ...@@ -62,7 +62,7 @@ maybe_restart_tor () {
if ! tor_is_working; then if ! tor_is_working; then
echo "* Restarting Tor" echo "* Restarting Tor"
restart-tor restart-tor
if ! service tor status; then if ! systemctl --quiet is-active tor@default.service; then
error "`gettext \"Failed to restart Tor.\"`" error "`gettext \"Failed to restart Tor.\"`"
fi fi
fi fi
......
...@@ -112,8 +112,8 @@ def post_snapshot_restore_hook ...@@ -112,8 +112,8 @@ def post_snapshot_restore_hook
# with the other relays, so we ensure that we have fresh circuits. # with the other relays, so we ensure that we have fresh circuits.
# Time jumps and incorrect clocks also confuses Tor in many ways. # Time jumps and incorrect clocks also confuses Tor in many ways.
if $vm.has_network? if $vm.has_network?
if $vm.execute("service tor status").success? if $vm.execute("systemctl --quiet is-active tor@default.service").success?
$vm.execute("service tor stop") $vm.execute("systemctl stop tor@default.service")
$vm.execute("rm -f /var/log/tor/log") $vm.execute("rm -f /var/log/tor/log")
$vm.host_to_guest_time_sync $vm.host_to_guest_time_sync
$vm.spawn("restart-tor") $vm.spawn("restart-tor")
......