Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix restore logic to recreation of onion services #4133

Merged
merged 2 commits into from
Feb 14, 2019
Merged

fix restore logic to recreation of onion services #4133

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7fa0e99
fix restore logic to ensure recreation of onion services
heartsucker Feb 14, 2019
d1fe88f
Docs: install command will fetch Onion URLs from restore
emkll Feb 14, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
16 changes: 14 additions & 2 deletions install_files/ansible-base/roles/restore/files/restore.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
"""

import os
import shutil
import subprocess
import sys
import tarfile
Expand Down Expand Up @@ -35,18 +36,29 @@ def verify_args():
def main():
verify_args()

# Remove the /var/lib/tor/services directories to purge values that may have been
# generated by running the ansible playbooks
for d in ['journalist', 'source']:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@heartsucker @emkll: for posterity can you explain why this change was necessary? Does the stanza below not overwrite the /var/lib/tor/services config files from the backup on the server in the correct locations?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In retrospect, it does not seem strictly necessary, unless I am missing something: the tar extraction should squash existing values on the server

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm pretty sure V3 onion services add additional files, and I can't remember how tar -x works and if those extra files would cause bad behavior in the future.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on the commit history and comments, it's not clear why this stanza is needed... it seems like a reasonable approach here is to determine if it's necessary. If it is, let's document why (at least in the PR). If we actually don't need this stanza, then we can just remove it in the spirit of reducing LOC to maintain.

full_path = os.path.join('/var/lib/tor/services', d)
if os.path.exists(full_path):
shutil.rmtree(full_path)

with tarfile.open(sys.argv[1], 'r:*') as backup:
# This assumes that both the old installation (source of the backup)
# and the new installation (destination of the restore) used the
# default paths for various locations.
backup.extractall(path='/')

# Apply database migrations (if backed-up version < version to restore)
subprocess.check_call(['dpkg-reconfigure', 'securedrop-app-code'])

# Update the configs
subprocess.check_call(['dpkg-reconfigure', 'securedrop-config'])

# Reload Tor and the web server so they pick up the new configuration
# If the process exits with a non-zero return code, raises an exception.
subprocess.check_call(['service', 'apache2', 'restart'])
subprocess.check_call(['service', 'tor', 'reload'])
# Apply database migrations (if backed-up version < version to restore)
subprocess.check_call(['dpkg-reconfigure', 'securedrop-app-code'])


if __name__ == "__main__":
Expand Down