Commit d9ae8bf8 authored by segfault's avatar segfault

Use BindsTo= and After= in tor-has-bootstrapped systemd units (refs: #16664)

Currently, if tor@default.service stops for some reason (either stopped
manually or unexpectedly), tails-tor-has-boostrapped.target is still
active.

Using BindsTo= in conjunction with After= ensures that the unit is
always stopped if the other unit (tor@default.service) is stopped.
See https://www.freedesktop.org/software/systemd/man/systemd.unit.html#BindsTo=

This allows us to simplify config/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped,
which would only have to check if tails-tor-has-bootstrapped.target is active.
Or, we could get rid of this script altogether, because instead of
calling the script, applications can just run

    /bin/systemctl --quiet is-active tails-tor-has-bootstrapped.target

themselves.
parent 23863ff2
[Unit]
Description=Tor has bootstrapped
Description=Tor has Bootstrapped
Documentation=https://tails.boum.org/contribute/design/
Requires=graphical.target
Conflicts=rescue.service rescue.target
After=graphical.target rescue.service rescue.target
AllowIsolate=yes
After=tails-wait-until-tor-has-bootstrapped.service
BindsTo=tails-wait-until-tor-has-bootstrapped.service
[Install]
WantedBy=graphical.target
WantedBy=tails-wait-until-tor-has-bootstrapped.service
\ No newline at end of file
[Unit]
Description=Wait for Tor to Have Bootstrapped
Description=Tor has Bootstrapped
Documentation=https://tails.boum.org/contribute/design/
After=tor@default.service
Before=tails-tor-has-bootstrapped.target
BindsTo=tor@default.service
[Service]
Type=oneshot
RemainAfterExit=yes
User=debian-tor
ExecStart=/bin/sh -c '. /usr/local/lib/tails-shell-library/tor.sh ; \
while ! tor_is_working ; do \
......@@ -19,4 +20,4 @@ ProtectHome=yes
ProtectSystem=full
[Install]
WantedBy=tails-tor-has-bootstrapped.target
WantedBy=tor@default.service
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment