Re: [tor-relays] [PATCH] debian package upgrade restart issue
>>> I'm generating instance names based on IP addresses_ORport (so they >>> contain "." and "_") and are therefore filtered by the generator. >>> >>> Is it acceptable to add "." and "_" to the whitelist? >>> >>> (patches attached) >> >> Based on the output of 'systemd-escape' (a tool that escapes strings for >> use in unit names) it is safe to use "." and "_" in unit names. > > I am always wary of allowing dots in anything. Allowing dots and > thereby also allowing ".." is the origin of many vectors. This doesn't > necessarily mean that it's a problem here, but it's the reason I usually > exclude periods from. Since systemd devs deem it safe to use "." (and also "..") in unit files would you share their opinion or will "." stay excluded? You are tending towards not adding it? Either way it would be nice to have a decision so I could move forward (either by simply waiting for an package update or if rejected, by finding a not-to-ugly work around for that limitation). > Another is that I want to be able to move foo to foo.disabled or > foo.bak, and have it not get picked up. That does not conflict with the idea to allow dots, yes? thanks, nusenu signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [PATCH] debian package upgrade restart issue
On Mon, 08 Aug 2016, nusenu wrote: > >> When upgrading, all running tor instances are stopped (not restarted, as > >> expected) > > > > This might be your root-cause as well? > > > > https://github.com/nusenu/ansible-relayor/issues/72 > > > > I'm generating instance names based on IP addresses_ORport (so they > > contain "." and "_") and are therefore filtered by the generator. > > > > Is it acceptable to add "." and "_" to the whitelist? > > > > (patches attached) > > Based on the output of 'systemd-escape' (a tool that escapes strings for > use in unit names) it is safe to use "." and "_" in unit names. I am always wary of allowing dots in anything. Allowing dots and thereby also allowing ".." is the origin of many vectors. This doesn't necessarily mean that it's a problem here, but it's the reason I usually exclude periods from. Another is that I want to be able to move foo to foo.disabled or foo.bak, and have it not get picked up. I could see adding underscores and hyphens, to match run-parts. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `-https://www.debian.org/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [PATCH] debian package upgrade restart issue
>> When upgrading, all running tor instances are stopped (not restarted, as >> expected) > > This might be your root-cause as well? > > https://github.com/nusenu/ansible-relayor/issues/72 > > I'm generating instance names based on IP addresses_ORport (so they > contain "." and "_") and are therefore filtered by the generator. > > Is it acceptable to add "." and "_" to the whitelist? > > (patches attached) Based on the output of 'systemd-escape' (a tool that escapes strings for use in unit names) it is safe to use "." and "_" in unit names. signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] [PATCH] debian package upgrade restart issue
> When upgrading, all running tor instances are stopped (not restarted, as > expected) This might be your root-cause as well? https://github.com/nusenu/ansible-relayor/issues/72 I'm generating instance names based on IP addresses_ORport (so they contain "." and "_") and are therefore filtered by the generator. Is it acceptable to add "." and "_" to the whitelist? (patches attached) 23c23 < if echo "x$name" | grep -q '[^a-zA-Z0-9]' || --- > if echo "x$name" | grep -q '[^a-zA-Z0-9._]' || 63c63 < if echo "x$name" | grep -q '[^a-zA-Z0-9]' || --- > if echo "x$name" | grep -q '[^a-zA-Z0-9._]' || signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Patch
Niels Hesse: Please excuse my ignorance. I saw the mention of a patch in the recent tor blog post. https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-september-4th-2013 How does one apply that? If you don't know already, it's probably better to simply wait a little bit. Everyone is working hard at this very moment to ready some useful code to mitigate the issues we are seeing. Expect a release soon. Otherwise, it means using Git to retrieve the right branch, and manually build tor. But kittens might get hurt until the code is ironed out. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Patch
On Wed, Sep 04, 2013 at 10:57:24PM +0200, Niels Hesse wrote: Oh, okay. Thank you for your answer. I really hope this will be resolved somehow. Keep an eye on https://trac.torproject.org/projects/tor/ticket/9657 if you want to follow along. --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Patch
Oh, okay. Thank you for your answer. I really hope this will be resolved somehow. 2013/9/4 Lunar lu...@torproject.org: Niels Hesse: Please excuse my ignorance. I saw the mention of a patch in the recent tor blog post. https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-september-4th-2013 How does one apply that? If you don't know already, it's probably better to simply wait a little bit. Everyone is working hard at this very moment to ready some useful code to mitigate the issues we are seeing. Expect a release soon. Otherwise, it means using Git to retrieve the right branch, and manually build tor. But kittens might get hurt until the code is ironed out. -- Lunar lu...@torproject.org ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
