[tor-relays] debian package upgrade restart issue -- fixed

nusenu nusenu at openmailbox.org
Thu Sep 8 08:44:00 UTC 2016



nusenu:
>>>> I'm generating instance names based on IP addresses_ORport (so they
>>>> contain "." and "_") and are therefore filtered by the generator.
>>>>
>>>> Is it acceptable to add "." and "_" to the whitelist?
>>>>
>>>> (patches attached)
>>>
>>> Based on the output of 'systemd-escape' (a tool that escapes strings for
>>> use in unit names) it is safe to use "." and "_" in unit names.
>>
>> I am always wary of allowing dots in anything.  Allowing dots and
>> thereby also allowing ".." is the origin of many vectors.  This doesn't
>> necessarily mean that it's a problem here, but it's the reason I usually
>> exclude periods from.
> 
> 
> Since systemd devs deem it safe to use "." (and also "..") in unit files
> would you share their opinion or will "." stay excluded?
> 
> You are tending towards not adding it?
> Either way it would be nice to have a decision so I could move forward
> (either by simply waiting for an package update or if rejected, by
> finding a not-to-ugly work around for that limitation).
> 
>> Another is that I want to be able to move foo to foo.disabled or
>> foo.bak, and have it not get picked up.
> 
> That does not conflict with the idea to allow dots, yes?

For the record:
I "solved" this problem by replacing the generator shipped by the debian
package.
(I added "_" and "." to the list of allowed characters.)

On systemd v219 this is rather easy, since replacing package generators
is a build in feature of systemd, on debian stable (systemd v215) a
dpkg-statoverride "hack" has been used, thanks to Martin Pitt
(debian/ubuntu dev) for this hint.

https://github.com/nusenu/ansible-relayor/blob/0406395a8758f12abd57914532cc0ff17894d015/tasks/apt_install.yml#L38-L55

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160908/83813ed3/attachment.sig>


More information about the tor-relays mailing list