revert

changelog.upstream

@@ -1,45 +1,3 @@
-commit 272dbb499f9ad5c4a8becb6e957fa9d8748b472c
-Merge: 639e001 4df11c4
-Author: Patrick Schleizer <adrelanos@whonix.org>
-Date:   Mon Oct 24 11:53:02 2022 -0400
-
-    Merge remote-tracking branch 'github-whonix/master'
-
-commit 4df11c40368dd19ded64fb6bb7b16c311c42d194
-Merge: 639e001 884d6eb
-Author: Patrick Schleizer <adrelanos@whonix.org>
-Date:   Mon Oct 24 11:50:38 2022 -0400
-
-    Merge pull request #3 from nyxnor/reborn
-
-    Reborn
-
-commit 884d6eba523ec98a88b3cc1326d71c7fd83847c8
-Author: nyxnor <nyxnor@protonmail.com>
-Date:   Mon Oct 24 15:19:35 2022 +0000
-
-    support multiple directories and multiple matchers
-
-    allow support for different hosts for remote connections, deprecating onion-grater-merger. Sorting made in reverse to honor precedence as parsing stops at first match. https://forums.whonix.org/t/onion-grater-wiki-improvements/15845
-
-commit 2353be12767d933ebc43b6dd3f49928191a43b41
-Author: nyxnor <nyxnor@protonmail.com>
-Date:   Mon Oct 24 15:17:28 2022 +0000
-
-    no need to edit systemd file to set arguments
-
-commit ed4af1fcc9b07f6e6278dad18a4ecfc080c35fb7
-Author: nyxnor <nyxnor@protonmail.com>
-Date:   Mon Oct 24 12:25:16 2022 +0000
-
-    fix old apparmor variable
-
-commit 639e001200765e96a3d19cf436ff7e5e28b2b764
-Author: Patrick Schleizer <adrelanos@whonix.org>
-Date:   Sun Oct 23 18:45:52 2022 -0400
-
-    bumped changelog version
-
 commit b29145be966f4c90ea6bc987383dc718863fdfcd
 Merge: 525bc71 a7cbd28
 Author: Patrick Schleizer <adrelanos@whonix.org>

debian/changelog

@@ -1,9 +1,3 @@
-onion-grater (3:10.8-1) unstable; urgency=medium
-
-  * New upstream version (local package).
-
- -- Patrick Schleizer <adrelanos@whonix.org>  Mon, 24 Oct 2022 15:54:36 +0000
-
 onion-grater (3:10.7-1) unstable; urgency=medium
 
   * New upstream version (local package).

etc/apparmor.d/usr.lib.onion-grater

@@ -31,18 +31,8 @@
   /etc/nsswitch.conf r,
   /etc/gai.conf r,
 
-  ## Configuration directories
   /etc/onion-grater.d/ r,
   /etc/onion-grater.d/* r,
-  /usr/local/etc/onion-grater.d/ r,
-  /usr/local/etc/onion-grater.d/* r,
-  ## Merger directories for compatibility
-  /etc/onion-grater-merger.d/ r,
-  /etc/onion-grater-merger.d/* r,
-  /usr/local/etc/onion-grater-merger.d/ r,
-  /usr/local/etc/onion-grater-merger.d/* r,
-  /usr/share/doc/onion-grater-merger/examples/ r,
-  /usr/share/doc/onion-grater-merger/examples/* r,
 
   /run/tor/control.authcookie r,
   /run/tor/control rw,

lib/systemd/system/onion-grater.service

@@ -17,7 +17,7 @@ ConditionPathExists=!/run/qubes/this-is-templatevm
 
 [Service]
 ## 'ExecStart' gets overwritten in Whonix by file:
-## /lib/systemd/system/onion-grater.service.d/30_whonix.conf
+## /lib/systemd/system/onion-grater.service.d/30_cpfpy.conf
 ExecStart=/usr/lib/onion-grater
 
 User=onion-grater

usr/lib/onion-grater

@@ -141,7 +141,6 @@ import textwrap
 import time
 import yaml
 
-DEFAULT_PROFILE_DIR = ['/etc/onion-grater.d/']
 DEFAULT_LISTEN_ADDRESS = 'localhost'
 DEFAULT_LISTEN_PORT = 9051
 DEFAULT_COOKIE_PATH = '/run/tor/control.authcookie'
@@ -550,15 +549,11 @@ class FilteredControlPortProxyHandler(socketserver.StreamRequestHandler):
         self.restrict_stream_events = False
         self.server_address = self.server.server_address
         self.subscribed_event_listeners = []
-        profile_dir = []
-        for directory in global_args.profile_dir:
-          profile_dir += glob.glob(directory + '*.yml')
-        profile_dir.sort(reverse = True)
-        for filter_file in profile_dir:
+        for filter_file in glob.glob('/etc/onion-grater.d/*.yml'):
             try:
                 with open(filter_file, "rb") as fh:
                     filters = yaml.safe_load(fh.read())
-                    name = re.sub(r'\.yml$', '', os.path.abspath(filter_file))
+                    name = re.sub(r'\.yml$', '', os.path.basename(filter_file))
                     for filter_ in filters:
                         if name not in filter_:
                             filter_['name'] = name
@@ -624,13 +619,11 @@ class FilteredControlPortProxyHandler(socketserver.StreamRequestHandler):
                            if all(any(val == expected_val or val == '*'
                                       for val in filter_.get(key, []))
                                   for key, expected_val in matchers)]
-
         if len(matched_filters) == 0:
             return
-        if global_args.multiple_matches == False and \
-           len(matched_filters) > 1:
-            raise RuntimeError('multiple filters matched: {}'
-                               .format(matched_filters))
+        elif len(matched_filters) > 1:
+            raise RuntimeError('multiple filters matched: ' +
+                               ', '.join(matched_filters))
         matched_filter = matched_filters[0]
         self.filter_name = matched_filter['name']
         commands = matched_filter.get('commands', {}) or {}
@@ -764,17 +757,6 @@ class FilteredControlPortProxy(socketserver.ThreadingTCPServer):
 
 def main():
     parser = argparse.ArgumentParser()
-    parser.add_argument(
-        "--multiple-matches",
-        action='store_true', default=False,
-        help="allow multiple files to match "
-    )
-    parser.add_argument(
-        "--profile-dir",
-        action='append', metavar='DIR',
-        help="specifies the directory on which the profiles are " +
-             "(default: {})".format(DEFAULT_PROFILE_DIR)
-    )
     parser.add_argument(
         "--listen-address",
         type=str, metavar='ADDR', default=DEFAULT_LISTEN_ADDRESS,
@@ -823,24 +805,13 @@ def main():
     if global_args.listen_interface:
         ip_address = get_ip_address(global_args.listen_interface)
         if global_args.debug:
-            log("IP address for interface {}: {}".format(
+            log("IP address for interface {} : {}".format(
                 global_args.listen_interface, ip_address))
     else:
         ip_address = global_args.listen_address
     address = (ip_address, global_args.listen_port)
     server = FilteredControlPortProxy(address, FilteredControlPortProxyHandler)
     log("Tor control port filter started, listening on {}:{}".format(*address))
-    profile_dir = []
-    # https://bugs.python.org/issue16399
-    if global_args.profile_dir == None:
-      global_args.profile_dir = DEFAULT_PROFILE_DIR
-    for dir in global_args.profile_dir:
-        # Don't duplicate directories
-        if dir not in profile_dir:
-            # Adds trailing slash at the end of dir if it doesn't exist yet
-            profile_dir.append(os.path.join(dir, ''))
-    global_args.profile_dir = profile_dir
-    log("Profile directory: {}".format(profile_dir))
     try:
         server.serve_forever()
     except KeyboardInterrupt:

usr/share/doc/onion-grater-merger/examples/40_bisq.yml

@@ -9,7 +9,7 @@
 #### meta end
 
 ---
-- apparmor-profiles:
+- exe-paths:
     - '*'
   users:
     - '*'

usr/share/doc/onion-grater-merger/examples/40_bitcoind.yml

@@ -21,7 +21,7 @@
 ## Listen on onion by setting in your bitcoin.conf "bind=0.0.0.0:8334=onion".
 
 ---
-- apparmor-profiles:
+- exe-paths:
     - '*'
   users:
     - '*'

usr/share/doc/onion-grater-merger/examples/40_onion_authentication.yml

@@ -22,7 +22,7 @@
 #XAJKD2BRVOI4C4IHK2OWF3EKIJNVIDBVCP2IM2Z2ZHPN456HNRZA
 
 ---
-- apparmor-profiles:
+- exe-paths:
     - '*'
   users:
     - '*'

usr/share/doc/onion-grater-merger/examples/40_onionshare.yml

@@ -25,7 +25,7 @@
 ## HsDir gets redacted.
 
 ---
-- apparmor-profiles:
+- exe-paths:
     - '*'
   users:
     - '*'

usr/share/doc/onion-grater-merger/examples/40_ricochet.yml

@@ -12,7 +12,7 @@
 ##       https://github.com/ricochet-im/ricochet/issues/30#issuecomment-271646818
 
 ---
-- apparmor-profiles:
+- exe-paths:
     - '*'
   users:
     - '*'

usr/share/doc/onion-grater-merger/examples/40_zeronet.yml

@@ -9,7 +9,7 @@
 #### meta end
 
 ---
-- apparmor-profiles:
+- exe-paths:
     - '*'
   users:
     - '*'