Arm/Tor Deb Torrc Configuration
Hi Jake. Thanks for this! The only part I'll comment on much is python and arm since the change itself mostly concerns the arm deb -> tor deb interaction (which treads on areas I'm not too familiar with).
See attached for a rewrite of the python script you sent me. Writing manual copy methods were unnecessary due to shutil, the group check is simplified a bit, and some minor syntax issues would have prevented it from running. This checks out with pylint but I haven't exercised it (not on a good test system).
My understanding of your change is as follows. I'm sure I'm misunderstanding a few parts so corrections appreciated!
Step 1: The resources you're providing will only be included or used in the arm deb. As such they'll be checked into the packaging branch under...
/resources/replaceTorrc/Makefile
/resources/replaceTorrc/tor-arm-replace-torrc.c
/resources/replaceTorrc/tor-arm-replace-torrc.h
/resources/replaceTorrc/replaceTorrc.pyStep 2: In deb-prep.sh [1] we'll copy it into release_deb/src/resources via something like the following on line 33...
(cd resources && git archive --format=tar packaging replaceTorrc) | (cd ./release_deb/src/resources && tar xf -)Step 3: Also in deb-prep.sh we change our default data directory from "~/.arm" to "/var/lib/tor-arm".
Step 4: I build and send debs to Peter as normal, the only difference being that the arm deb has these "src/resources/replaceTorrc/*" contents. The tor-arm-replace-torrc is still uncompiled at this point.
Step 5: Part of installing the deb is that a "tor-arm" group is created, "tor-arm-replace-torrc" is compiled and placed in "/bin/tor-arm-replace-torrc", and '/var/lib/tor-arm' is made under "root:tor-arm".
Detail that I'm not clear on: if the user just runs 'arm' then it's under their user rather than tor-arm and hence won't be able to access the arm data directory, causing arm lots of problems (it won't die, but worse performance and many things will not work). Clarification here would be nice.
Step 6: I add an "isDebHack" check which governs if we're gonna be using this or not. The conditional is: a. "tor-arm-replace-torrc" is in the PATH b. we're either not connected to tor or torrc path for the attached instance is "/etc/tor/torrc"
Step 7: If "isDebHack" is true then when the wizard is finished [2] it calls "tor-arm-replace-torrc". If that's successful then HUP tor, otherwise show the user an error. This just means a little change around line 376.
Step 8: My understanding is that the tor process is unable to write to its torrc, so SAVECONF calls fail on debian. Is that right? If so, then arm's saveConf function [3] will need to be modified so the configuration panel can write custom configs.
If this is right then I can do the changes to make arm do the above with the exception of step 5. That deb change and the testing I'll be leaving up to you. My understanding is that this isn't impacting my deb prep process and that you're taking ownership of this feature. Please let me know if that isn't the case!
I'd like an ok from Peter, Nick, and confirmation from Jake that he's owning this before I implement the above. Besides that, I'm thrilled arm will be getting better tor deb integration! -Damian
[1] https://gitweb.torproject.org/arm.git/blob/packaging:/deb-prep.sh [2] https://gitweb.torproject.org/arm.git/blob/HEAD:/src/cli/wizard.py#l324 [3] https://gitweb.torproject.org/arm.git/blob/HEAD:/src/util/torConfig.py#l395