**Defect description:** Tor 0.3.5.8 (.deb packages from deb.torproject.org) on Ubuntu 18.04 amd64 (systemd), starts too early during the boot process, (reproducibly) resulting in "Problem bootstrapping" messages: ``` $ journalctl --utc -b | sed -e 's/'$HOSTNAME'/myhostname/' -e 's/ Tor[\[0-9\]*]/ Tor[1234]/' | grep 'myhostname Tor' Feb 28 17:17:42 myhostname Tor[1234]: Tor 0.3.5.8 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.0g, Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.3. Feb 28 17:17:42 myhostname Tor[1234]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Feb 28 17:17:42 myhostname Tor[1234]: Read configuration file "/usr/share/tor/tor-service-defaults-torrc". Feb 28 17:17:42 myhostname Tor[1234]: Read configuration file "/etc/tor/torrc". Feb 28 17:17:42 myhostname Tor[1234]: Opening Socks listener on 127.0.0.1:9050 Feb 28 17:17:42 myhostname Tor[1234]: Opened Socks listener on 127.0.0.1:9050 Feb 28 17:17:42 myhostname Tor[1234]: Parsing GEOIP IPv4 file /usr/share/tor/geoip. Feb 28 17:17:42 myhostname Tor[1234]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6. Feb 28 17:17:42 myhostname Tor[1234]: Bootstrapped 0%: Starting Feb 28 17:17:43 myhostname Tor[1234]: Starting with guard context "default" Feb 28 17:17:43 myhostname Tor[1234]: Signaled readiness to systemd Feb 28 17:17:43 myhostname Tor[1234]: Problem bootstrapping. Stuck at 0%: Starting. (Network is unreachable; NOROUTE; count 1; recommendation warn; host A59B27226496443A93D25E8D87BFCB8ADEDB4862 at 51.75.125.233:9001) Feb 28 17:17:43 myhostname Tor[1234]: Opening Socks listener on /run/tor/socks Feb 28 17:17:43 myhostname Tor[1234]: Opened Socks listener on /run/tor/socks Feb 28 17:17:43 myhostname Tor[1234]: Opening Control listener on /run/tor/control Feb 28 17:17:43 myhostname Tor[1234]: Opened Control listener on /run/tor/control Feb 28 17:17:43 myhostname Tor[1234]: Bootstrapped 5%: Connecting to directory server Feb 28 17:17:43 myhostname Tor[1234]: Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Network is unreachable; NOROUTE; count 2; recommendation warn; host 617314F0CD8B8EA76B4963AC6C6BA3773DA63594 at 144.76.91.135:9001) Feb 28 17:17:43 myhostname Tor[1234]: Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Network is unreachable; NOROUTE; count 3; recommendation warn; host A0F39D32028CEC7F35419E9570401DE15B1B4564 at 5.196.58.96:9001) Feb 28 17:17:44 myhostname Tor[1234]: Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Network is unreachable; NOROUTE; count 4; recommendation warn; host BCC9FA5994200032E9CD04866B823B6D929F22A8 at 78.31.65.92:443) Feb 28 17:17:45 myhostname Tor[1234]: Bootstrapped 10%: Finishing handshake with directory server Feb 28 17:17:45 myhostname Tor[1234]: Bootstrapped 80%: Connecting to the Tor network Feb 28 17:17:45 myhostname Tor[1234]: Bootstrapped 90%: Establishing a Tor circuit Feb 28 17:17:47 myhostname Tor[1234]: Bootstrapped 100%: Done ``` **Impact:** As seen, Tor does finally bootstrap successfully, and functionality is not impacted. **Correction:** This issue appears to be caused by imperfect service dependencies as set in /lib/systemd/system/tor@.service and /lib/systemd/system/tor@default.service: ``` [Unit] After=network.target nss-lookup.target ``` My interpretation of the [systemd documentation](https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/) is that this should correctly say: ``` [Unit] After=network-online.target nss-lookup.target Want=network-online.target nss-lookup.target ``` I suspect that using "network-online.target" (instead of "network.target") may also allow for removing the "nss-lookup.target" dependency, but have not attempted to verify this. **Related:** * [ticket:25803#comment:6 Ticket legacy/trac#25803 "Infinite restart loop when daemon crashes", comment 6] * [ticket:20930 Ticket legacy/trac#20930 "Use new systemd hardening options"] **Trac**: **Username**: tomreyn