nice to have: test torrc for incompatible transistions of config values

Under Gentoo we do have a config check in the OpenRc script: "${command} --verify-config --hush" But unfortunately that will not catch the case where the config is ok but a reload will fail due to changes eg. from "SandBox 0" to "SandBox 1".

It would be a nifty feature to prevent a reload of Tor in such a case.

changed milestone to %Tor: unspecified

added component::core tor/tor configuration load milestone::Tor: unspecified priority::low severity::minor status::new tor-relay torrc transition type::enhancement usability version::tor 0.2.8.8 labels

toralf: any thoughts about what kind of interface might make sense here? How do other daemons handle this kind of thing, if they do?

What just comes into my mind: Add an option like "--strict-test-that-reload-would-work" which would force tor to return rather an error code then zero, if the torrc is fine but would break a reload. FWIW the OpenRc init.d script as used in Gentoo land looks straightforward :

t44 ~ # cat /etc/init.d/tor
#!/sbin/openrc-run
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$

command=/usr/bin/tor
pidfile=/var/run/tor/tor.pid
command_args="--hush --runasdaemon 1 --pidfile \"${pidfile}\""
retry=${GRACEFUL_TIMEOUT:-60}

extra_commands="checkconfig"
extra_started_commands="reload"
description="Anonymizing overlay network for TCP"
description_checkconfig="Check for valid config file"
description_reload="Reload the configuration"

checkconfig() {
        ${command} --verify-config --hush > /dev/null 2>&1
        if [ $? -ne 0 ] ; then
                eerror "Tor configuration (/etc/tor/torrc) is not valid."
                eerror "Example is in /etc/tor/torrc.sample"
                return 1
        fi
}

start_pre() {
        checkconfig || return 1
        checkpath -d -m 0755 -o tor:tor /var/run/tor
}

stop() {
        ebegin "Stopping Tor (waiting up to ${retry} seconds)"
        start-stop-daemon -K -s INT -R ${retry} -P -p ${pidfile}
        eend $?
}

reload() {
        checkconfig || return 1
        ebegin "Reloading Tor configuration"
        start-stop-daemon -s HUP --pidfile ${pidfile}
        eend $?
}

We have options_transition_allowed(), and then various other bugs that cause transitions to fail.

We could expose options_transition_allowed() on the command line using --verify-torrc-reload or something.

I think a pure command-line solution will only work in the case where no options have changed in Tor due to SETCONF etc. If some options have changed their values, then we won't be able to tell whether the transition is allowed using only the commandline and the two torrc files.

Trac:
Milestone: N/A to Tor: unspecified

Trac:
Keywords: N/A deleted, tor-relay usability torrc configuration load transition added

moved to tpo/core/tor#20340 (closed)