From: Sergey Ponomarev <stokito@gmail.com>
Date: Wed, 7 Feb 2024 22:01:07 +0000 (+0200)
Subject: tor-hs: put torrc_generated into in-memory folder /var/run/
X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=94de72970ebcb98e2933aa1764c267ec90f3f97c;p=feed%2Fpackages.git

tor-hs: put torrc_generated into in-memory folder /var/run/

On each tor-hs service restart it generates a config file /etc/tor/torrc_generated.
The /etc/ is stored on a disk and kills it and slow.

Instead create a dedicated tor service Runtime Dir in the temp /var/run/.
It will be accessible only to the tor user.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
---

diff --git a/net/tor-hs/files/tor-hs.conf b/net/tor-hs/files/tor-hs.conf
index 2165670bec..48d69fd963 100644
--- a/net/tor-hs/files/tor-hs.conf
+++ b/net/tor-hs/files/tor-hs.conf
@@ -1,5 +1,5 @@
 config tor-hs common
-	option GenConf "/etc/tor/torrc_generated"
+	option GenConf "/var/run/tor/torrc_generated"
 	option HSDir "/etc/tor/hidden_service"
 	option RestartTor 1
 	option UpdateTorConf 1
diff --git a/net/tor-hs/files/tor-hs.init b/net/tor-hs/files/tor-hs.init
index 33e3b1a636..14166d354f 100755
--- a/net/tor-hs/files/tor-hs.init
+++ b/net/tor-hs/files/tor-hs.init
@@ -5,7 +5,7 @@ STOP=52
 
 USE_PROCD=1
 
-TORRC_FILE=/etc/tor/torrc_generated # file with torrc config
+TORRC_FILE=/var/run/tor/torrc_generated # file with torrc config
 HS_DIR_PATH=/etc/tor/hidden_service # onion services directory
 TOR_USER=tor
 
@@ -92,15 +92,19 @@ parse_common_conf() {
 }
 
 start_service() {
+	# create runtime dir
+	mkdir -p -m 700 /var/run/tor
+	chown -R "$TOR_USER:$TOR_USER" /var/run/tor
 	config_load tor-hs
 	validate_common_section || {
 		echo "validation failed"
 		return 1
 	}
-	# clean config
-	echo -n "" > "$TORRC_FILE"
 	# load common config
 	parse_common_conf
+	# clean config
+	echo -n "" > "$TORRC_FILE"
+	chown "$TOR_USER:$TOR_USER" "$TORRC_FILE"
 	# load hs service
 	config_foreach validate_hidden_service_section hidden-service parse_hs_conf
 	# update tor config
@@ -111,7 +115,7 @@ start_service() {
 
 validate_common_section() {
 	uci_validate_section tor-hs tor-hs common \
-		'GenConf:string:/etc/tor/torrc_generated' \
+		'GenConf:string:/var/run/tor/torrc_generated' \
 		'HSDir:string:/etc/tor/hidden_service' \
 		'RestartTor:bool:1' \
 		'UpdateTorConf:bool:1'