Tor relays are supposed to shut down gracefully through SIGINT so that tor clients can choose a new path.
This helps against correlation attacks by NASA.
The OpenRC script used on Artix (and Gentoo, it seems) sends SIGINT to supervise-daemon, which in turn sends SIGTERM to the tor relay.
This kills the relay instantly, putting users at risk.
Expected result:
[notice] Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now.
[notice] Delaying directory fetches: We are hibernating or shutting down.
[notice] Clean shutdown finished. Exiting.
Actual result:
[notice] Catching signal TERM, exiting cleanly.
Uncommenting GRACEFUL_TIMEOUT in /etc/conf.d/tor did not help.
I hope I'm not missing something here but to me this seems like a glitch.
I'm a noob when it comes to OpenRC so after various attempts I "fixed" it with this ugly addition to init.d/tor:
own_pidfile="/run/tor/tor1-own-pidfile.pid"
command_args="--hush --PidFile ${own_pidfile}"
stop() {
ebegin "Gracefully stopping tor..."
TOR_PID=$(cat $own_pidfile)
start-stop-daemon -s ${stopsig} --pidfile ${own_pidfile} --exec ${command}
ebegin "Sent kill signal ${stopsig}"
tail --pid $TOR_PID -f /dev/null
start-stop-daemon --stop --pidfile ${pidfile}
ebegin "Tor stopped, supervisor killed."
eend $?
}
On second thought, I guess I should just have gotten rid of supervise-daemon.
Anyway, hope this helps someone.
Topic: tor-openrc sends SIGTERM to tor daemon, instakilling relays (Read 1371 times)
previous topic - next topic
