From c69097d7c9b2e982275af7f06a77e24a6c4e44c6 Mon Sep 17 00:00:00 2001 From: Alec Muffett Date: Tue, 18 May 2021 10:54:39 +0000 Subject: [PATCH] commit: bump tor version, fix a few checks, add helper script for renaming v3 secrets --- eotk | 2 +- lib.d/do-configure.pl | 22 +++------------------- lib.d/rename-v3onion-for-eotk.sh | 30 ++++++++++++++++++++++++++++++ opt.d/lib.sh | 2 +- 4 files changed, 35 insertions(+), 21 deletions(-) create mode 100755 lib.d/rename-v3onion-for-eotk.sh diff --git a/eotk b/eotk index 7c5e0d8..7c253fc 100755 --- a/eotk +++ b/eotk @@ -444,7 +444,7 @@ case "$cmd" in InvokeRemotely debugoff "$@" ;; - cleanup) ## project* ... | stop and remove trash files for projects (eg: after crash, "nginx.pid exists!" and ".sock exists!" errors, etc) + clean|cleanup) ## project* ... | stop and remove trash files for projects (eg: after crash, "nginx.pid exists!" and ".sock exists!" errors, etc) $need_to_run_locally && RunLocallyOverProjects cleanup "$@" InvokeRemotely cleanup "$@" ;; diff --git a/lib.d/do-configure.pl b/lib.d/do-configure.pl index faa20af..1f04b0f 100755 --- a/lib.d/do-configure.pl +++ b/lib.d/do-configure.pl @@ -22,16 +22,6 @@ chdir($here) or die "chdir: $here: $!\n"; ################################################################## -sub ValidOnion { - my $onion = shift; - return ( $onion =~ /^[a-z2-7]{16}(?:[a-z2-7]{40})?$/o ); -} - -sub ValidOnionV2 { - my $onion = shift; - return ( $onion =~ /^[a-z2-7]{16}$/o ); -} - sub ValidOnionV3 { my $onion = shift; return ( $onion =~ /^[a-z2-7]{56}$/o ); @@ -41,7 +31,7 @@ sub ExtractOnion { my $onion = shift; $onion =~ s!^.*/!!o; $onion =~ s!\.onion$!!o; - die "ExtractOnion: was not given a valid onion: $onion\n" unless (&ValidOnion($onion)); + die "ExtractOnion: was not given a valid onion: $onion\n" unless (&ValidOnionV3($onion)); return $onion; } 
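Review bot: `ExtractOnion` now relies on `ValidOnionV3` alone, and that pattern ends in `$`, which in Perl also matches just before a trailing newline, so a 56-character address followed by "\n" would pass if a caller has not chomped its input. The returned string is later interpolated into `secrets.d/` and project-directory paths in DoProject, so anchoring with `\A` and `\z` is the stricter choice: `return ( $onion =~ /\A[a-z2-7]{56}\z/ );`. ValidOnionV3 is unchanged context in this patch, so that would be a follow-up edit to the sub. Separately, a configuration that still lists a v2 address now fails with the generic "was not given a valid onion" text; a message that names the cause, e.g. `die "ExtractOnion: not a v3 onion address (v2 is no longer supported): $onion\n"`, would save operators a search.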
@@ -55,7 +45,6 @@ sub OnionVersion { my $onion = shift; $onion = &ExtractOnion($onion); return 3 if (&ValidOnionV3($onion)); - return 2 if (&ValidOnionV2($onion)); die "OnionVersion: was not given a valid onion: $onion\n"; } @@ -450,15 +439,10 @@ sub DoProject { my $hs_dir = "$ENV{PROJECT_DIR}/$onion_dirname"; &MakeDir($hs_dir); - # install keyfile - # TODO: + # install keyfiles my $onion = &ExtractOnion($onion_doto); my $secrets_dir = "secrets.d"; - if (&ValidOnionV2($onion)) { - $key = "$secrets_dir/$onion.key"; - &CopyFile($key, "$hs_dir/private_key"); - } - elsif (&ValidOnionV3($onion)) { + if (&ValidOnionV3($onion)) { $pub = "$secrets_dir/$onion.v3pub.key"; $sec = "$secrets_dir/$onion.v3sec.key"; &CopyFile($pub, "$hs_dir/hs_ed25519_public_key"); diff --git a/lib.d/rename-v3onion-for-eotk.sh b/lib.d/rename-v3onion-for-eotk.sh new file mode 100755 index 0000000..b6f16c1 --- /dev/null +++ b/lib.d/rename-v3onion-for-eotk.sh @@ -0,0 +1,30 @@ +#!/bin/sh -x + +# Version 3 onion addresses require explicit declaration of the +# onion-address AS WELL AS the key materials; for simplicity and +# clarity we embed the onion address in the filenames, and we need two +# filenames for the two files. + +self=`basename $0` +hostname=hostname +public=hs_ed25519_public_key +secret=hs_ed25519_secret_key + +Fatal() { + echo "fatal error: $0: $@" 1>&2 + exit 1 +} + +for f in $hostname $public $secret ; do + test -f $f || Fatal "cannot file file '$f' for data" +done + +onion=`cat hostname` || Fatal "cannot read 'hostname' file to establish onion address" +onion=`basename $onion .onion` # strip verbiage + +public2="$onion.v3pub.key" +secret2="$onion.v3sec.key" + +cp $public $public2 || Fatal "cannot copy $public to $public2" + +cp $secret $secret2 || Fatal "cannot copy $secret to $secret2" diff --git a/opt.d/lib.sh b/opt.d/lib.sh index 4be1210..f25adbf 100644 --- a/opt.d/lib.sh +++ b/opt.d/lib.sh 
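Review bot: The `if (&ValidOnionV3($onion))` guard kept in DoProject can no longer be false, because `ExtractOnion` two lines above already dies for anything that is not a v3 address. Keeping the conditional suggests a second key format is still handled; either copy the two key files unconditionally or leave a comment such as `# ExtractOnion has already rejected non-v3 addresses`. The block continues below the hunk, so if it has an `else` branch there (not visible here) that branch is now dead code.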
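Review bot: The address read from `hostname` is used to name the copied key files without any check, so an empty or malformed `hostname` file produces a copy of the secret key under a name like `.v3sec.key` that `do-configure.pl` will never match. Validate `$onion` as 56 base32 characters before the `cp` calls, and quote the expansions, since `$f`, `$onion`, `$public` and `$secret` are all unquoted. Smaller points: `#!/bin/sh -x` leaves tracing on permanently, `self` is assigned but never used, and the message "cannot file file" should read "cannot find file". The validation and quoting could look like this.

```shell
onion=`cat "$hostname"` || Fatal "cannot read 'hostname' file to establish onion address"
onion=`basename "$onion" .onion` # strip verbiage

# refuse anything that is not a 56-character base32 v3 address
case "$onion" in
    ""|*[!a-z2-7]*) Fatal "'$onion' is not a v3 onion address" ;;
esac
test ${#onion} -eq 56 || Fatal "'$onion' is not a v3 onion address"

# ... unchanged: public2/secret2 assignments ...

cp "$public" "$public2" || Fatal "cannot copy $public to $public2"
cp "$secret" "$secret2" || Fatal "cannot copy $secret to $secret2"
```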
@@ -60,7 +60,7 @@ ConfigureOpenResty() { # this accepts arguments SetupTorVars() { tool="tor" - tool_version="0.4.3.5" + tool_version="0.4.5.8" tool_signing_keys="6AFEE6D49E92B601 C218525819F78451" tool_url="https://dist.torproject.org/$tool-$tool_version.tar.gz" tool_sig_url="https://dist.torproject.org/$tool-$tool_version.tar.gz.asc"