Re: [tor-relays] [PATCH] debian package upgrade restart issue
>>> I'm generating instance names based on IP addresses_ORport (so they >>> contain "." and "_") and are therefore filtered by the generator. >>> >>> Is it acceptable to add "." and "_" to the whitelist? >>> >>> (patches attached) >> >> Based on the output of 'systemd-escape' (a tool that escapes strings for >> use in unit names) it is safe to use "." and "_" in unit names. > > I am always wary of allowing dots in anything. Allowing dots and > thereby also allowing ".." is the origin of many vectors. This doesn't > necessarily mean that it's a problem here, but it's the reason I usually > exclude periods from. Since systemd devs deem it safe to use "." (and also "..") in unit files would you share their opinion or will "." stay excluded? You are tending towards not adding it? Either way it would be nice to have a decision so I could move forward (either by simply waiting for an package update or if rejected, by finding a not-to-ugly work around for that limitation). > Another is that I want to be able to move foo to foo.disabled or > foo.bak, and have it not get picked up. That does not conflict with the idea to allow dots, yes? thanks, nusenu signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [PATCH] debian package upgrade restart issue
On Mon, 08 Aug 2016, nusenu wrote: > >> When upgrading, all running tor instances are stopped (not restarted, as > >> expected) > > > > This might be your root-cause as well? > > > > https://github.com/nusenu/ansible-relayor/issues/72 > > > > I'm generating instance names based on IP addresses_ORport (so they > > contain "." and "_") and are therefore filtered by the generator. > > > > Is it acceptable to add "." and "_" to the whitelist? > > > > (patches attached) > > Based on the output of 'systemd-escape' (a tool that escapes strings for > use in unit names) it is safe to use "." and "_" in unit names. I am always wary of allowing dots in anything. Allowing dots and thereby also allowing ".." is the origin of many vectors. This doesn't necessarily mean that it's a problem here, but it's the reason I usually exclude periods from. Another is that I want to be able to move foo to foo.disabled or foo.bak, and have it not get picked up. I could see adding underscores and hyphens, to match run-parts. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [PATCH] debian package upgrade restart issue
>> When upgrading, all running tor instances are stopped (not restarted, as >> expected) > > This might be your root-cause as well? > > https://github.com/nusenu/ansible-relayor/issues/72 > > I'm generating instance names based on IP addresses_ORport (so they > contain "." and "_") and are therefore filtered by the generator. > > Is it acceptable to add "." and "_" to the whitelist? > > (patches attached) Based on the output of 'systemd-escape' (a tool that escapes strings for use in unit names) it is safe to use "." and "_" in unit names. signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] [PATCH] debian package upgrade restart issue
> When upgrading, all running tor instances are stopped (not restarted, as > expected) This might be your root-cause as well? https://github.com/nusenu/ansible-relayor/issues/72 I'm generating instance names based on IP addresses_ORport (so they contain "." and "_") and are therefore filtered by the generator. Is it acceptable to add "." and "_" to the whitelist? (patches attached) 23c23 < if echo "x$name" | grep -q '[^a-zA-Z0-9]' || --- > if echo "x$name" | grep -q '[^a-zA-Z0-9._]' || 63c63 < if echo "x$name" | grep -q '[^a-zA-Z0-9]' || --- > if echo "x$name" | grep -q '[^a-zA-Z0-9._]' || signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
