Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
Updated: 2020-06-13T14:37:41Z

systemd unit file should explicitly pass --RunAsDaemon 0
https://gitlab.torproject.org/legacy/trac/-/issues/12731
Updated: 2020-06-13T14:37:41Z
Author: intrigeri

The current systemd unit uses "Type = simple", so systemd does not expect tor to fork. If the user has "RunAsDaemon 1" in their torrc, then things won't work as expected. This is e.g. the case on Debian (and derivatives), since there we pass "--defaults-torrc /usr/share/tor/tor-service-defaults-torrc" (that contains "RunAsDaemon 1") by default.

The only solution I can see to this problem is to explicitly pass "--RunAsDaemon 0" when starting tor from the systemd unit file.

Milestone: Tor: 0.2.5.x-final

systemd unit file could use --verify-config in ExecStartPre
https://gitlab.torproject.org/legacy/trac/-/issues/12730
Updated: 2020-06-13T14:37:41Z
Author: intrigeri

The ExecStartPre directive (systemd.service(5)) allows running commands before actually starting the service, and _not_ starting the service if one of these commands fails. It allows one to replicate the behavior that the tor initscript in Debian has, which is desirable IMO: if we don't have this, then when we install the systemd unit file in Debian, we have a regression.

Milestone: Tor: 0.2.5.x-final

Add support for systemd watchdog protocol
https://gitlab.torproject.org/legacy/trac/-/issues/11016
Updated: 2020-06-13T15:34:01Z
Author: Trac

Systemd provides a watchdog protocol, as described on http://0pointer.de/blog/projects/watchdog.html. It basically requires the service to write a message to a socket every X seconds, if some environment variables are set. While present for a long time, the newer v209 version provides a helper function to implement it, by moving the parsing logic into a library.

So here are 2 patches for tor:

The first one implements the Notify protocol for systemd, thus permitting people to use Type=notify in the systemd unit (see http://www.freedesktop.org/software/systemd/man/systemd.service.html for the details, as well as the rather lengthy debate on the Debian init system for Jessie). The patch is not doing much or adding many features, but I guess some people would prefer to have this Type of systemd unit rather than simple, as it could prevent some race conditions if a service requires tor to be really started and working before being started itself. It also adds a status line to systemd, but that's not a feature that is currently used much (I do hope maybe some higher-level tool like cockpit would use it later).

The 2nd one adds an event to the main loop to ping the watchdog on a regular basis, using the new function in libsystemd-daemon. So this way, if tor is stuck, it will be restarted. I guess I do not have to explain how and why this improves tor :)

So far, I have only been able to test the first one on my Fedora 20, and I am waiting for a package to test the 2nd one in real life. However, in order to release early, release often, I am uploading them here for review.

**Trac**:
**Username**: misc

Milestone: Tor: 0.2.6.x-final

Add systemd service file for openSUSE
https://gitlab.torproject.org/legacy/trac/-/issues/9807
Updated: 2020-06-13T14:32:12Z
Author: Trac

Hi all,

I have written a systemd service file for openSUSE. I have tested it with all currently supported versions (12.1, 12.2 and 12.3). Maybe it can be added in Tor's contrib/suse directory?

Thanks

**Trac**:
**Username**: microchip

Milestone: Tor: 0.2.5.x-final

Tor systemd socket activation support
https://gitlab.torproject.org/legacy/trac/-/issues/8908
Updated: 2020-06-13T14:29:16Z
Author: cypherpunks

Allow Tor to be started on-demand on Linux under systemd.

WIP patch posted here: https://lists.torproject.org/pipermail/tor-dev/2013-May/004885.html

More info about socket activation: http://0pointer.de/blog/projects/socket-activation.html

Milestone: Tor: unspecified

Add tor.service (for systemd) to upstream package
https://gitlab.torproject.org/legacy/trac/-/issues/8368
Updated: 2020-06-13T14:40:29Z
Author: Trac

In Fedora we have a custom systemd service file for running Tor. We are encouraged to push changes upstream, and thus I am proposing that it be included as part of the upstream tarball. I have pasted the contents below, but please do advise on whether this can be improved:

```
$ cat tor.service
[Unit]
Description = Anonymizing overlay network for TCP
After = syslog.target network.target nss-lookup.target

[Service]
Type = simple
ExecStart = /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc --quiet
ExecReload = /bin/kill -HUP ${MAINPID}
ExecStop = /bin/kill -INT ${MAINPID}
TimeoutSec = 30
Restart = on-failure
LimitNOFILE = 4096

[Install]
WantedBy = multi-user.target
```

**Trac**:
**Username**: jamielinux

Milestone: Tor: 0.2.5.x-final

Systemd Tor service starts too early
https://gitlab.torproject.org/legacy/trac/-/issues/29621
Updated: 2020-06-13T15:38:48Z
Author: Trac

**Defect description:**

Tor 0.3.5.8 (.deb packages from deb.torproject.org) on Ubuntu 18.04 amd64 (systemd), starts too early during the boot process, (reproducibly) resulting in "Problem bootstrapping" messages:
```
$ journalctl --utc -b | sed -e 's/'$HOSTNAME'/myhostname/' -e 's/ Tor[\[0-9\]*]/ Tor[1234]/' | grep 'myhostname Tor'
Feb 28 17:17:42 myhostname Tor[1234]: Tor 0.3.5.8 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.0g, Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.3.
Feb 28 17:17:42 myhostname Tor[1234]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Feb 28 17:17:42 myhostname Tor[1234]: Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Feb 28 17:17:42 myhostname Tor[1234]: Read configuration file "/etc/tor/torrc".
Feb 28 17:17:42 myhostname Tor[1234]: Opening Socks listener on 127.0.0.1:9050
Feb 28 17:17:42 myhostname Tor[1234]: Opened Socks listener on 127.0.0.1:9050
Feb 28 17:17:42 myhostname Tor[1234]: Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Feb 28 17:17:42 myhostname Tor[1234]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Feb 28 17:17:42 myhostname Tor[1234]: Bootstrapped 0%: Starting
Feb 28 17:17:43 myhostname Tor[1234]: Starting with guard context "default"
Feb 28 17:17:43 myhostname Tor[1234]: Signaled readiness to systemd
Feb 28 17:17:43 myhostname Tor[1234]: Problem bootstrapping. Stuck at 0%: Starting. (Network is unreachable; NOROUTE; count 1; recommendation warn; host A59B27226496443A93D25E8D87BFCB8ADEDB4862 at 51.75.125.233:9001)
Feb 28 17:17:43 myhostname Tor[1234]: Opening Socks listener on /run/tor/socks
Feb 28 17:17:43 myhostname Tor[1234]: Opened Socks listener on /run/tor/socks
Feb 28 17:17:43 myhostname Tor[1234]: Opening Control listener on /run/tor/control
Feb 28 17:17:43 myhostname Tor[1234]: Opened Control listener on /run/tor/control
Feb 28 17:17:43 myhostname Tor[1234]: Bootstrapped 5%: Connecting to directory server
Feb 28 17:17:43 myhostname Tor[1234]: Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Network is unreachable; NOROUTE; count 2; recommendation warn; host 617314F0CD8B8EA76B4963AC6C6BA3773DA63594 at 144.76.91.135:9001)
Feb 28 17:17:43 myhostname Tor[1234]: Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Network is unreachable; NOROUTE; count 3; recommendation warn; host A0F39D32028CEC7F35419E9570401DE15B1B4564 at 5.196.58.96:9001)
Feb 28 17:17:44 myhostname Tor[1234]: Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Network is unreachable; NOROUTE; count 4; recommendation warn; host BCC9FA5994200032E9CD04866B823B6D929F22A8 at 78.31.65.92:443)
Feb 28 17:17:45 myhostname Tor[1234]: Bootstrapped 10%: Finishing handshake with directory server
Feb 28 17:17:45 myhostname Tor[1234]: Bootstrapped 80%: Connecting to the Tor network
Feb 28 17:17:45 myhostname Tor[1234]: Bootstrapped 90%: Establishing a Tor circuit
Feb 28 17:17:47 myhostname Tor[1234]: Bootstrapped 100%: Done
```
**Impact:**
As seen, Tor does finally bootstrap successfully, and functionality is not impacted.
**Correction:**
This issue appears to be caused by imperfect service dependencies as set in /lib/systemd/system/tor@.service and /lib/systemd/system/tor@default.service:
```
[Unit]
After=network.target nss-lookup.target
```
My interpretation of the [systemd documentation](https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/) is that this should correctly say:
```
[Unit]
After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target
```
I suspect that using "network-online.target" (instead of "network.target") may also allow for removing the "nss-lookup.target" dependency, but have not attempted to verify this.
**Related:**
* Ticket #25803 "Infinite restart loop when daemon crashes", comment 6
* Ticket #20930 "Use new systemd hardening options"
**Trac**:
**Username**: tomreyn

systemd startup timeout on v0.2.6.9 (git-145b2587d1269af4)
https://gitlab.torproject.org/legacy/trac/-/issues/16398
Updated: 2020-06-13T14:47:01Z
Author: Trac

I'm using experimental builds on Ubuntu 15.04. Since the last update systemd is looping forever in restarting Tor, because it detects a start timeout:
```
Jun 18 12:26:27 dharma systemd[1]: Starting Anonymizing overlay network for TCP...
Jun 18 12:26:27 dharma tor[11487]: Jun 18 12:26:27.321 [notice] Tor v0.2.6.9 (git-145b2587d1269af4) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1f and Zlib 1.2.8.
Jun 18 12:26:27 dharma tor[11487]: Jun 18 12:26:27.321 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jun 18 12:26:27 dharma tor[11487]: Jun 18 12:26:27.321 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jun 18 12:26:27 dharma tor[11487]: Jun 18 12:26:27.321 [notice] Read configuration file "/etc/tor/torrc".
Jun 18 12:26:27 dharma tor[11487]: Configuration was valid
Jun 18 12:26:27 dharma tor[11490]: Jun 18 12:26:27.393 [notice] Tor v0.2.6.9 (git-145b2587d1269af4) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1f and Zlib 1.2.8.
Jun 18 12:26:27 dharma tor[11490]: Jun 18 12:26:27.393 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jun 18 12:26:27 dharma tor[11490]: Jun 18 12:26:27.393 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jun 18 12:26:27 dharma tor[11490]: Jun 18 12:26:27.393 [notice] Read configuration file "/etc/tor/torrc".
Jun 18 12:26:27 dharma tor[11490]: Jun 18 12:26:27.400 [notice] Opening Socks listener on 127.0.0.1:9050
Jun 18 12:26:27 dharma tor[11490]: Jun 18 12:26:27.400 [notice] Opening Control listener on /var/run/tor/control
Jun 18 12:27:12 dharma systemd[1]: tor.service start operation timed out. Terminating.
Jun 18 12:27:12 dharma systemd[1]: Failed to start Anonymizing overlay network for TCP.
Jun 18 12:27:12 dharma systemd[1]: Unit tor.service entered failed state.
Jun 18 12:27:12 dharma systemd[1]: tor.service failed.
Jun 18 12:27:12 dharma systemd[1]: tor.service holdoff time over, scheduling restart.
Jun 18 12:27:12 dharma systemd[1]: Starting Anonymizing overlay network for TCP...
Jun 18 12:27:12 dharma tor[11572]: Jun 18 12:27:12.796 [notice] Tor v0.2.6.9 (git-145b2587d1269af4) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1f and Zlib 1.2.8.
Jun 18 12:27:12 dharma tor[11572]: Jun 18 12:27:12.796 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jun 18 12:27:12 dharma tor[11572]: Jun 18 12:27:12.796 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jun 18 12:27:12 dharma tor[11572]: Jun 18 12:27:12.796 [notice] Read configuration file "/etc/tor/torrc".
Jun 18 12:27:12 dharma tor[11572]: Configuration was valid
Jun 18 12:27:12 dharma tor[11575]: Jun 18 12:27:12.874 [notice] Tor v0.2.6.9 (git-145b2587d1269af4) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1f and Zlib 1.2.8.
Jun 18 12:27:12 dharma tor[11575]: Jun 18 12:27:12.874 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jun 18 12:27:12 dharma tor[11575]: Jun 18 12:27:12.874 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jun 18 12:27:12 dharma tor[11575]: Jun 18 12:27:12.875 [notice] Read configuration file "/etc/tor/torrc".
Jun 18 12:27:12 dharma tor[11575]: Jun 18 12:27:12.881 [notice] Opening Socks listener on 127.0.0.1:9050
Jun 18 12:27:12 dharma tor[11575]: Jun 18 12:27:12.882 [notice] Opening Control listener on /var/run/tor/control
```
... and goes on like this forever. This wasn't happening until a few days ago, when this last update was distributed.
**Trac**:
**Username**: maxxer

systemd unit file needs to make /var/run/tor writable
https://gitlab.torproject.org/legacy/trac/-/issues/13196
Updated: 2020-06-13T14:38:51Z
Author: intrigeri

The changes introduced for #12751 break the unit file with systemd v215, as they prevent /var/run/tor/ from being writable. I'll test and submit a patch that resolves this shortly.

Assignee: intrigeri