Opened 6 months ago

Last modified 3 months ago

#30797 new defect

Stop shipping an abandoned systemd script?

Reported by: arma Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: #31576 Points:
Reviewer: Sponsor:

Description

#19759, #19761, #19762 are bugs filed on the systemd script that we ship in "contrib/dist/tor.service.in".

The bugs haven't been looked at in years, and it looks like nobody on our side is paying attention to this systemd script. That sounds to me like we would consider people foolish if they tried to use it.

Should we confirm that somebody, somewhere else on the internet, has a better systemd script than we do, and then remove ours?

Child Tickets

TicketStatusOwnerSummaryComponent
#16782newsystemd unit file is not compatible with the AppArmorProfile= directiveCore Tor/Tor
#19759newsystemd tor.service hardening: add MemoryDenyWriteExecute=trueCore Tor/Tor
#19761newTor systemd service should have RuntimeDirectory=torCore Tor/Tor
#19762newTor systemd service should have ReadWriteDirectories=/var/run/torCore Tor/Tor

Change History (4)

comment:1 Changed 6 months ago by candrews

I think that tor should just start maitaining the systemd script.

If it instead stos distributing such a script at all, every Linux distro and user that uses tor not from a distro has to develop and maintain such a script independently with no effective means for collaboration. And that's a big problem - particularly with regards to security.

comment:2 Changed 6 months ago by nickm

Milestone: Tor: unspecified

comment:3 Changed 6 months ago by intrigeri

It certainly would be interesting to understand why tor packagers for major Linux distros seem to have independently reached the conclusion that maintaining their own unit file is a better solution, for themselves and their users, than collaboratively maintaining this unit file upstream.

But until there is clear interest to do this work, IMO we should not be distributing a file that's unmaintained: doing so is a disservice to our users — unless the file is actually already working perfectly for some relevant usecases, e.g. might it be that Arch Linux ships it as-is, and that's why nobody modifies it?

comment:4 Changed 3 months ago by teor

Parent ID: #31576
Note: See TracTickets for help on using tickets.