Tor relays are supposed to shut down gracefully through SIGINT so that tor clients can choose a new path.
This helps against correlation attacks by NASA.
The OpenRC script used on Artix (and Gentoo (https://wiki.gentoo.org/wiki/OpenRC/supervise-daemon#tor), it seems) sends SIGINT to supervise-daemon, which in turn sends SIGTERM to the tor relay.
This kills the relay instantly, putting users at risk.
Expected result:
[notice] Interrupt: we have stopped accepting new connections, and will shut down in 30 seconds. Interrupt again to exit now.
[notice] Delaying directory fetches: We are hibernating or shutting down.
[notice] Clean shutdown finished. Exiting.
Actual result:
[notice] Catching signal TERM, exiting cleanly.
Uncommenting GRACEFUL_TIMEOUT in /etc/conf.d/tor did not help.
I hope I'm not missing something here but to me this seems like a glitch.
I'm a noob when it comes to OpenRC so after various attempts I "fixed" it with this ugly addition to init.d/tor:
own_pidfile="/run/tor/tor1-own-pidfile.pid"
command_args="--hush --PidFile ${own_pidfile}"
stop() {
ebegin "Gracefully stopping tor..."
TOR_PID=$(cat $own_pidfile)
start-stop-daemon -s ${stopsig} --pidfile ${own_pidfile} --exec ${command}
ebegin "Sent kill signal ${stopsig}"
tail --pid $TOR_PID -f /dev/null
start-stop-daemon --stop --pidfile ${pidfile}
ebegin "Tor stopped, supervisor killed."
eend $?
}
On second thought, I guess I should just have gotten rid of supervise-daemon.
Anyway, hope this helps someone.
What configuration or commandline options do you use? My own instance exits immediately on SIGINT:
# kill -INT 96060
Jul 13 20:11:31.000 [notice] Interrupt: exiting cleanly.