From 98c0b563f95e2b0655250652a56766d876eebb2a Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 20 Apr 2018 10:45:53 +0100
Subject: [PATCH] Migrate hidden service definitions from torrc to their own
 file

This should reduce problems during tor package upgrades
---
 src/freedombone-upgrade     |  1 +
 src/freedombone-utils-onion | 58 ++++++++++++++++++++++++++++---------
 2 files changed, 46 insertions(+), 13 deletions(-)

diff --git a/src/freedombone-upgrade b/src/freedombone-upgrade
index fc97f9d1a..ccea64ea3 100755
--- a/src/freedombone-upgrade
+++ b/src/freedombone-upgrade
@@ -95,6 +95,7 @@ if [ -d "$PROJECT_DIR" ]; then
         fi
 
         #rebuild_exim_with_socks
+        torrc_migrate
         nodejs_upgrade
         apt-get -yq -t stretch-backports install certbot
         email_install_tls
diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion
index 993348a68..06b686551 100755
--- a/src/freedombone-utils-onion
+++ b/src/freedombone-utils-onion
@@ -31,6 +31,30 @@ TOR_MAX_TRAFFIC_PER_MONTH_GB=10
 
 USE_V2_ONION_ADDRESS=
 HIDDEN_SERVICE_PATH='/var/lib/tor/hidden_service_'
+ONION_SERVICES_FILE=/etc/torrc.d/freedombone
+
+function torrc_migrate {
+    if [ -f $ONION_SERVICES_FILE ]; then
+        return
+    fi
+    systemctl stop tor
+
+    mkdir /etc/torrc.d
+
+    grep "HiddenServiceDir\|HiddenServiceVersion\|HiddenServicePort" /etc/tor/torrc | grep -v "#HiddenServiceDir" >> $ONION_SERVICES_FILE
+
+    if ! grep "HiddenServiceVersion" $ONION_SERVICES_FILE; then
+        return
+    fi
+
+    if grep -q "#%include /etc/torrc.d" /etc/tor/torrc; then
+        sed -i 's|#%include /etc/torrc.d|%include /etc/torrc.d|g' /etc/tor/torrc
+    else
+        echo "%include /etc/torrc.d" >> /etc/tor/torrc
+    fi
+
+    systemctl restart tor
+}
 
 function add_email_hostname {
     extra_email_hostname="$1"
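Review bot: The early `return` after `if ! grep "HiddenServiceVersion" $ONION_SERVICES_FILE` leaves tor stopped, because `systemctl stop tor` has already run and the only restart is at the end of torrc_migrate; I would put `systemctl start tor` before that `return`, or move the stop down next to the torrc edit. The copied lines are also never deleted from /etc/tor/torrc, so once `%include /etc/torrc.d` is enabled every service is defined twice (tor is likely to reject a repeated HiddenServiceDir, which is worth testing). It also means remove_onion_service, which now edits only the new file, can no longer take a migrated service offline. The grep pattern omits `HiddenServiceAuthorizeClient`, so if the originals are removed as part of the fix, add it to the pattern; otherwise stealth services would come back without client authorization. `mkdir -p /etc/torrc.d` and `grep -q` would also keep the upgrade output free of spurious errors and matched lines.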
@@ -80,17 +104,17 @@ function remove_onion_service {
     nick="$3"
 
     if [ ${#nick} -gt 0 ]; then
-        sed -i "/stealth ${nick}/d" /etc/tor/torrc
+        sed -i "/stealth ${nick}/d" $ONION_SERVICES_FILE
     fi
-    sed -i "/hidden_service_${onion_service_name}/,+1 d" /etc/tor/torrc
-    sed -i "/hidden_service_${onion_service_name}_mobile/,+1 d" /etc/tor/torrc
-    sed -i "/127.0.0.1:${onion_service_port_to}/d" /etc/tor/torrc
+    sed -i "/hidden_service_${onion_service_name}/,+1 d" $ONION_SERVICES_FILE
+    sed -i "/hidden_service_${onion_service_name}_mobile/,+1 d" $ONION_SERVICES_FILE
+    sed -i "/127.0.0.1:${onion_service_port_to}/d" $ONION_SERVICES_FILE
     if [ "$3" ]; then
-        sed -i "/127.0.0.1:${3}/d" /etc/tor/torrc
+        sed -i "/127.0.0.1:${3}/d" $ONION_SERVICES_FILE
         if [ "$4" ]; then
-            sed -i "/127.0.0.1:${4}/d" /etc/tor/torrc
+            sed -i "/127.0.0.1:${4}/d" $ONION_SERVICES_FILE
             if [ "$5" ]; then
-                sed -i "/127.0.0.1:${5}/d" /etc/tor/torrc
+                sed -i "/127.0.0.1:${5}/d" $ONION_SERVICES_FILE
             fi
         fi
     fi
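Review bot: The delete patterns on the new lines match more than the service being removed. `/127.0.0.1:${onion_service_port_to}/d` has no end anchor and unescaped dots, so removing a service on port 80 also deletes the HiddenServicePort lines for 8080 or 8000, and `/hidden_service_${onion_service_name}/,+1 d` also hits any service whose name starts with the same string. A stray match silently drops another service's definition, or its `HiddenServiceAuthorizeClient` line when the `,+1` range lands on it; I would anchor them, e.g. `sed -i "/127\.0\.0\.1:${onion_service_port_to}\$/d" "$ONION_SERVICES_FILE"` and `"/hidden_service_${onion_service_name}\//,+1 d"`. The same prefix match is used by the `grep -q "hidden_service_${onion_service_name}"` test in the add_onion_service hunk. remove_onion_service starts before this hunk and continues after it.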
@@ -123,16 +147,16 @@ function add_onion_service {
         USE_V2_ONION_ADDRESS=
         exit 877367
     fi
-    if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
-        echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> /etc/tor/torrc
+    if ! grep -q "hidden_service_${onion_service_name}" $ONION_SERVICES_FILE; then
+        echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> $ONION_SERVICES_FILE
         if [ ! $USE_V2_ONION_ADDRESS ]; then
-            echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
+            echo 'HiddenServiceVersion 3' >> $ONION_SERVICES_FILE
         else
-            echo 'HiddenServiceVersion 2' >> /etc/tor/torrc
+            echo 'HiddenServiceVersion 2' >> $ONION_SERVICES_FILE
         fi
-        echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> /etc/tor/torrc
+        echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> $ONION_SERVICES_FILE
         if [ ${#onion_stealth_name} -gt 0 ]; then
-            echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> /etc/tor/torrc
+            echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> $ONION_SERVICES_FILE
         fi
     fi
 
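Review bot: Appending with `>> $ONION_SERVICES_FILE` creates the file on first use, and torrc_migrate treats the file's existence as "already migrated" (`if [ -f $ONION_SERVICES_FILE ]; then return`). If add_onion_service can run on a system that has not been migrated yet (the hunk does not show whether the upgrade always runs first), the old definitions stay in /etc/tor/torrc and the `%include` line is never enabled, so the new service is written to a file tor does not read. A guard in torrc_migrate keyed on whether torrc still holds definitions would be safer, e.g. `if ! grep -q '^HiddenServiceDir' /etc/tor/torrc; then return; fi`, which requires the migration to delete the lines it copies. add_onion_service starts and ends outside this hunk.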
@@ -295,6 +319,14 @@ function install_tor {
     sed -i "s|#AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" /etc/tor/torrc
     sed -i "s|AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" /etc/tor/torrc
 
+    if [ ! -d /etc/torrc.d ]; then
+        mkdir /etc/torrc.d
+    fi
+    sed -i 's|#%include /etc/torrc.d|%include /etc/torrc.d|g' /etc/tor/torrc
+    if ! grep -q '%include /etc/torrc.d' /etc/tor/torrc; then
+        echo '%include /etc/torrc.d' >> /etc/tor/torrc
+    fi
+
     mark_completed "${FUNCNAME[0]}"
 }
 
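Review bot: `mkdir /etc/torrc.d` takes its mode from the caller's umask, yet once `%include /etc/torrc.d` is active every file in that directory is read as tor configuration, including HiddenServicePort mappings to local ports. I would create it with explicit ownership and mode, `install -d -m 0755 -o root -g root /etc/torrc.d`, which also replaces the `[ ! -d /etc/torrc.d ]` test. The same call fits torrc_migrate, where the bare `mkdir` errors when the directory already exists. The include-enabling lines repeat what torrc_migrate does in a different shape, so a small shared helper would keep the two from drifting. install_tor begins before this hunk.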
-- 
GitLab