Opened 3 years ago

Closed 3 years ago

#17576 closed enhancement (fixed)

Add torrc option to disable default fallback directories

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: TorCoreTeam201512, 201511-deferred
Cc: Actual Points:
Parent ID: #15775 Points:
Reviewer: Sponsor:

Description

There's no easy way to disable the default fallback directories.

Tails depends on using the authorities for its consensuses as part of its time syncing proof:
https://tails.boum.org/contribute/design/Time_syncing/#index1h2

We should provide an option to disable the default fallback directories entirely. (It should also conflict with any FallbackDir lines.)

Default fallbacks are also disabled when any other fallbacks are added, or when using non-default authorities.

Child Tickets

Change History (8)

comment:1 Changed 3 years ago by teor

Keywords: TorCoreTeam201511 added

comment:2 Changed 3 years ago by teor

What we want to be able to do:

  • Use hard-coded fallbacks (if any): FallbackDirDisable 0 (default)
  • Replace hard-coded fallbacks (if any) with one or more custom fallbacks: FallbackDir ... (regardless of whether FallbackDirDisable is 0 or 1)
  • Disable hard-coded fallbacks and just use the authorities: FallbackDirDisable 1

What I don't think we really need (and it might just be confusing):

  • Augment (add to) hard-coded fallbacks with custom fallbacks
    • we can always supply a list of the hard-coded fallbacks, so users can augment it themselves

How to change torrc.defaults fallback options on the command-line:

  • augment FallbackDir ... with +FallbackDir ...
  • replace FallbackDir ... with FallbackDir ...
  • delete FallbackDir ... with /FallbackDir
  • replace FallbackDirDisable 0|1 with FallbackDirDisable 1|0

I think this covers it all.

comment:3 Changed 3 years ago by teor

Status: newneeds_review

See my branch feature17576-UseDefaultFallbackDirs on https://github.com/teor2345/tor.git

It adds UseDefaultFallbackDirs to control the use of the hard-coded fallback directory mirrors. Default is 1, set to 0 to disable them.

Also updates the manual page and unit tests.

comment:4 Changed 3 years ago by nickm

Status: needs_reviewneeds_revision

Looks great except one thing: the code in options_validate() that changes UseDefaultFallbackDirs is a bad idea, since that will cause later SAVECONF calls to write the new UseDefaultFallbackDirs value to disk even if the user didn't mean for it to change.

Possibilities include:

  • Have two separate variables, one of which is the option that the user set, and one of which it the true value.
  • Always ignore UseDefaultFallbackDirs when FallbackDirs is set.

comment:5 in reply to:  4 Changed 3 years ago by teor

Replying to nickm:

Looks great except one thing: the code in options_validate() that changes UseDefaultFallbackDirs is a bad idea, since that will cause later SAVECONF calls to write the new UseDefaultFallbackDirs value to disk even if the user didn't mean for it to change.

...

  • Always ignore UseDefaultFallbackDirs when FallbackDirs is set.

This is what the code already does by checking !options->FallbackDir && options->UseDefaultFallbackDirs. I changed options_validate so that it didn't change the value of UseDefaultFallbackDirs, and updated the info message.

Please see my branch feature17576-UseDefaultFallbackDirs-v2.

comment:6 Changed 3 years ago by teor

Status: needs_revisionneeds_review

comment:7 Changed 3 years ago by nickm

Keywords: TorCoreTeam201512 201511-deferred added; TorCoreTeam201511 removed

Bulk-move uncompleted items to december. :/

comment:8 Changed 3 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Merged!

Note: See TracTickets for help on using tickets.