Skip to content

Commit

Permalink
fix: set HiddenServicePoWDefensesEnabled only on explicit securedrop_…
Browse files Browse the repository at this point in the history 
…app_pow_on_source_interface=True

Otherwise a "securedrop-admin install" without a prior "securedrop-admin
sdconfig" will default to enabling this feature.  Let's not surprise an
administrator who likely intended to enforce the existing configuration.

Co-authored-by: Kevin O'Gorman <kog@freedom.press>
(cherry picked from commit 02a81f1)
  • Loading branch information
@cfm @zenmonkeykstop
cfm authored and zenmonkeykstop committed Jun 13, 2024
1 parent 8220f27 commit 5eaa469
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion install_files/ansible-base/roles/tor-hidden-services/templates/torrc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ RunAsDaemon 1
HiddenServiceDir /var/lib/tor/services/sourcev3
HiddenServicePort 80 127.0.0.1:80

{% if securedrop_app_pow_on_source_interface|default(True) %}
{% if securedrop_app_pow_on_source_interface|default(False) %}
HiddenServicePoWDefensesEnabled 1
{% endif %}

Expand Down

0 comments on commit 5eaa469

Please sign in to comment.