authorJamie Nguyen <j@jamielinux.com>2015-11-30 08:47:32 +0000
committerJamie Nguyen <j@jamielinux.com>2015-11-30 09:25:41 +0000
commitfd51c0001bb55215d2ac6bd1272f263e97656568 (patch)
tree09e58bf8e55553c8239dec1f9f3cda4bea9569f4
parent754bd22e085891fa238c377a597655281fa416bb (diff)
Use tor-master.service to restart/reload all instances
-rw-r--r--README22
-rw-r--r--tor-master.service13
-rw-r--r--tor.logrotate2
-rw-r--r--tor.service6
-rw-r--r--tor.spec21
-rw-r--r--tor@.service31
6 files changed, 85 insertions, 10 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..19de442
--- /dev/null
+++ b/README
@@ -0,0 +1,22 @@
+The default configuration file for Tor is "/etc/tor/torrc" and is used when you
+run this command:
+
+ # systemctl start tor.service
+
+Multiple instances of Tor can be run simultaneously using different
+configuration files. For example, tor@custom.service will use the configuration
+file "/etc/tor/custom.torrc".
+
+ # cp /etc/tor/torrc /etc/tor/custom.torrc
+ # mkdir /var/lib/tor/custom
+ # chown toranon:toranon /var/lib/tor/custom
+ # echo "SOCKSPort 9051" >> /etc/tor/custom.torrc
+ # echo "DataDirectory /var/lib/tor/custom" > /etc/tor/custom.torrc
+ # systemctl start tor@custom.service
+
+To restart, reload, or stop all running instances of Tor (including tor.service
+and any tor@.service), use tor-master.service. For example, to restart all
+instances of Tor, run this command:
+
+ # systemctl restart tor-master.service
+
diff --git a/tor-master.service b/tor-master.service
new file mode 100644
index 0000000..4b21b7f
--- /dev/null
+++ b/tor-master.service
@@ -0,0 +1,13 @@
+# systemd targets cannot be reloaded, so use a service instead.
+
+[Unit]
+Description=Anonymizing overlay network for TCP (multi-instance master)
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/true
+ExecReload=/bin/true
+
+[Install]
+WantedBy=multi-user.target
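Review bot: Nothing in this unit, or in the `PartOf=`/`ReloadPropagatedFrom=` lines added to tor.service and tor@.service, makes tor-master.service active while an instance is running; `PartOf=` only propagates stop and restart from the master downwards. If the master is inactive (for example on a host upgraded from a package that enabled only tor.service), the `reload tor-master.service` in tor.logrotate fails with its output discarded, so tor keeps writing to the rotated log. In the same state the try-restart issued by `%systemd_postun_with_restart %{name}-master.service` is presumably a no-op, which leaves running instances on the old binary after an update. One way to close the gap is to have each instance pull the master in, e.g. `Wants=tor-master.service` and `After=tor-master.service` in both tor.service and tor@.service; this should be verified on the systemd versions the package targets.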
diff --git a/tor.logrotate b/tor.logrotate
index 7d67feb..0fd02b3 100644
--- a/tor.logrotate
+++ b/tor.logrotate
@@ -8,6 +8,6 @@
create 0640 toranon toranon
sharedscripts
postrotate
- /bin/systemctl reload tor.service >/dev/null 2>/dev/null || :
+ /bin/systemctl reload tor-master.service >/dev/null 2>/dev/null || :
endscript
}
diff --git a/tor.service b/tor.service
index 05fd808..86e0921 100644
--- a/tor.service
+++ b/tor.service
@@ -1,6 +1,8 @@
[Unit]
-Description = Anonymizing overlay network for TCP
-After = syslog.target network.target nss-lookup.target
+Description=Anonymizing overlay network for TCP
+After=syslog.target network.target nss-lookup.target
+PartOf=tor-master.service
+ReloadPropagatedFrom=tor-master.service
[Service]
Type=notify
diff --git a/tor.spec b/tor.spec
index f1a9b1b..6d97c9c 100644
--- a/tor.spec
+++ b/tor.spec
@@ -30,6 +30,9 @@ Source1: https://www.torproject.org/dist/%{name}-%{version}.tar.gz.asc
Source2: tor.logrotate
Source3: tor.defaults-torrc
Source10: tor.service
+Source11: tor@.service
+Source12: tor-master.service
+Source20: README
# https://bugzilla.redhat.com/show_bug.cgi?id=1279222
# https://trac.torproject.org/projects/tor/ticket/17562
@@ -87,17 +90,21 @@ make %{?_smp_mflags}
make install DESTDIR=$RPM_BUILD_ROOT
mv $RPM_BUILD_ROOT%{_sysconfdir}/tor/torrc.sample \
$RPM_BUILD_ROOT%{_sysconfdir}/tor/torrc
+install -D -p -m 0644 %{SOURCE20} $RPM_BUILD_ROOT%{_sysconfdir}/tor/README
mkdir -p $RPM_BUILD_ROOT%{logdir}
mkdir -p $RPM_BUILD_ROOT%{homedir}
install -D -p -m 0644 %{SOURCE10} $RPM_BUILD_ROOT%_unitdir/%{name}.service
+install -D -p -m 0644 %{SOURCE11} $RPM_BUILD_ROOT%_unitdir/%{name}@.service
+install -D -p -m 0644 %{SOURCE12} $RPM_BUILD_ROOT%_unitdir/%{name}-master.service
install -D -p -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/tor
install -D -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT%{_datadir}/%{name}/defaults-torrc
%if 0%{without libsystemd}
# Some features are not available for systemd 208 on RHEL 7.
sed -i $RPM_BUILD_ROOT%_unitdir/%{name}.service \
+ -i $RPM_BUILD_ROOT%_unitdir/%{name}@.service \
-e 's/^Type=.*/Type=simple/g' \
-e '/^NotifyAccess=.*/d' \
-e '/^WatchdogSec=.*/d' \
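Review bot: The second `-i` on the added line reads as though `-i` takes the file as its argument, but GNU sed's `-i` accepts only an attached suffix, so both paths are ordinary file operands that happen to precede the scripts. Putting the operands last, `sed -i -e ... $RPM_BUILD_ROOT%_unitdir/%{name}.service $RPM_BUILD_ROOT%_unitdir/%{name}@.service`, is the conventional form and does not depend on option permutation. Because this block strips `ProtectSystem=` and other directives for the systemd 208 build, a comment such as `# NOTE: RHEL 7 units run without the hardening lines removed below` would make the reduced sandboxing visible to maintainers. The sed command continues into the next hunk.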
@@ -105,10 +112,6 @@ sed -i $RPM_BUILD_ROOT%_unitdir/%{name}.service \
-e '/^ProtectSystem=.*/d'
%endif
-sed -e 's#/etc/tor/torrc#/etc/tor/%%i.torrc#g' \
- $RPM_BUILD_ROOT%_unitdir/%{name}.service \
- > $RPM_BUILD_ROOT%_unitdir/%{name}@.service
-
# Install docs manually.
rm -rf %{buildroot}%{_datadir}/doc
@@ -121,13 +124,13 @@ getent passwd %{toruser} >/dev/null || \
exit 0
%post
-%systemd_post %{name}.service
+%systemd_post %{name}-master.service
%preun
-%systemd_preun %{name}.service
+%systemd_preun %{name}-master.service
%postun
-%systemd_postun_with_restart %{name}.service
+%systemd_postun_with_restart %{name}-master.service
%files
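Review bot: `%systemd_post` and `%systemd_preun` now name only `%{name}-master.service`, so on package removal tor.service is no longer disabled, and it is stopped only if the master happens to be active and propagates the stop. Listing both units keeps the previous handling of the default instance: `%systemd_preun %{name}-master.service %{name}.service`, and likewise for `%post`. Enabled tor@ instances are covered by neither form, which is worth stating in the README.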
@@ -146,8 +149,10 @@ exit 0
%{_datadir}/tor/geoip6
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}@.service
+%{_unitdir}/%{name}-master.service
%dir %{_sysconfdir}/tor
+%{_sysconfdir}/tor/README
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/tor/torrc
%config(noreplace) %{_sysconfdir}/logrotate.d/tor
@@ -158,6 +163,8 @@ exit 0
%changelog
* Mon Nov 30 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-2
- improve summary and description
+- use tor-master.service to restart/reload all instances (#1286359)
+- add /etc/tor/README
* Sun Nov 29 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-1
- update to upstream release 0.2.7.5
diff --git a/tor@.service b/tor@.service
new file mode 100644
index 0000000..08933bc
--- /dev/null
+++ b/tor@.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=Anonymizing overlay network for TCP (instance: %i)
+After=syslog.target network.target nss-lookup.target
+PartOf=tor-master.service
+ReloadPropagatedFrom=tor-master.service
+
+[Service]
+Type=notify
+NotifyAccess=all
+ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/%i.torrc --verify-config
+ExecStart=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/%i.torrc
+ExecReload=/bin/kill -HUP ${MAINPID}
+KillSignal=SIGINT
+TimeoutSec=30
+Restart=on-failure
+WatchdogSec=1m
+LimitNOFILE=32768
+
+# Hardening
+PrivateTmp=yes
+DeviceAllow=/dev/null rw
+DeviceAllow=/dev/urandom r
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=/var/lib/tor
+ReadWriteDirectories=/var/log/tor
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy = multi-user.target
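Review bot: This template is now a hand-maintained copy of tor.service rather than being generated from it by sed, so the two hardening blocks can drift apart without anyone noticing. The last line already shows it: `WantedBy = multi-user.target` keeps the spaced style that this commit removes from tor.service and should read `WantedBy=multi-user.target`. A header comment such as `# Keep [Service] options in sync with tor.service` would help. Note also that `ReadWriteDirectories=/var/lib/tor` is shared by every instance, and the README has them all owned by toranon, so the sandbox does not separate one instance's data directory (keys, state) from another's; a per-instance path such as `/var/lib/tor/%i` would narrow that, if the intended layout allows it.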