[tor-relays] Configuring key expiration warning messages?
trinity pointard
trinity.pointard at gmail.com
Mon May 22 07:55:19 UTC 2023
Hi,
It [looks like `TestingSigningKeySlop`][1] might be what you are
looking for. I'm not entirely sure why it's categorized as a Testing
option, as it seems to do something useful outside of testing, so
maybe don't use it just yet?
There doesn't seem to be a way to print the expiration time from that
warning you get. You can get that time by running `tor -f
/path/to/torrc --key-expiration sign --format iso8601 --quiet` (or
`--format timestamp` if you are into unix timestamps).
In an [hopefully close future][2], it will also be possible to setup
alerting if you have monitoring through Grafana or similar (or by
querying the MetricsPort with a script).
[1]: https://gitlab.torproject.org/tpo/core/tor/-/blob/34da50718a4395936736c32e8cc24876d2f7e10c/src/feature/relay/routerkeys.c#L134-172
[2]: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/698
Regards,
trinity-1686a
On Mon, 22 May 2023 at 09:04, telekobold <torproject-ml at telekobold.de> wrote:
>
> Hi everyone,
>
> I'm using OfflineMasterKey 1 for my Tor bridge, hosting and renewing the
> long-term identity key on a Tails USB stick.
>
> I observed that Tor starts printing warning messages to
> /var/log/tor/notices.log 24 hours before the intermediate key expires.
> My question is if there is a flag that could be set in the torrc file to
> start printing these warning message more than 24 hours before the
> expiration time, possibly even with outputting the exact expiration
> time? If there isn't such an option, does anyone happen to have a script
> ready for this (before I start trying to implement something like this
> myself)?
>
> Kind regards
> telekobold
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
More information about the tor-relays
mailing list