Date: Thu, 21 Jan 2016 01:30:07 +0000
Message-ID: <CAFN1edpi8F=7rGz5HVk5KMFPPLGrgnYCsAarVQMno0AdeRaZ6Q@mail.gmail.com>
From: David Stainton <dstainton415@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Scripted installer of Tor and more being worked on
 at GitHub, ya may want to sit down for this...

hmm it's written in bash. that would not have been my first choice to
express this type of software.
why bash?

i like ansible's agent-less design (no SPOF server with ambient
authority) however its restrictive yaml really lacks expressiveness
and writing ansible modules in addition to yaml seems like a waste of
time. however there is some excellent ansible tor stuff written for
use by relay operators; meaning that it doesn't have nearly all the
features that your thing has... but should be good enough for most
relay operators:

https://github.com/nusenu/ansible-relayor


i think in the future if i had to automate this sort of thing I'd use
bcfg2 in non-SPOF mode (that is, without a centralized server).


On Thu, Jan 21, 2016 at 12:26 AM, Michael <strangerthanbland@gmail.com> wrote:
> Coderman, most welcome.
>
> To answer your question on port binding; that's a bit tricky, and depends on what types of Tor nodes are chosen. Oh and the most up to date documentation for variables and script arguments can be found in the [ ~/variables/ blank_torinstall_vars.sh ] file, I'll have to rename it and/or split it up by package name later (much like the default variables files) as well as do more edits to ensure that it nulls all variables on exit.
> - for bridge torrc files this is assigned within the `case` statement and only if "public" subtype was selected; sets to port "0" by default to keep public out of your bridge's socks. I'll have to read up a little more on security issues/mitigation for bridge nodes in relation to socks port. More than likely the "privet" bridge option will be making use of Polipo so I'll be sure to at least add a bridge socks port option soon.
> - for client torrc files this is assigned within the `for` loop starting at port 10010 on line 11 for SocksPort, i.e. [ SocksPort 100${_tor_count}0 ] and counting up to the number given via [-C=4] command which also may be assigned with [ _connection_count =4 ]  within a configuration file passed with [ -vf=some_config.sh ] command. This same value is also used by Privoxy so I'll have to write a few sanity checks and edits before adding a client socks port prefix option. For [ SocksBindAddress ] and listen and accept policies I'll be adding two new options [ -TSBA ] and [ -TSLA ] for binding and listening and then use some scripted logic for acceptance lines... oh well that wasn't too hard :-D next code push now includes these last two options.
> - for exit torrc files this, like public bridges, is set to "0" as well as setting the socks acceptance policy to reject by default. Note next code push will now include variable [ ${_tor_dir_port:-9030} ] set by [ -TDP=9030 ] for assigning torrc's DirPort. Additionally I've added some checks for binding to the external and local IP:Port or Port alone (makes Tor guess) for config lines like [ OutboundBindAddress ], and the [ -TOP=9001 ] or [ ${_tor_or_port:-9001} ] has been corrected for assigning the ORPort. I still have to add a `for` loop for IPv4/v6 [ ExitPolicy accept ... ] to allow for adding more ports than just the restrictive policy list currently coded for.
> - for hidden service torrc files socks ports and addresses have not even been set yet but it may be best to disable it completely.
>
> If you happen to know which versions are incompatible with Tor port binding configuration or where I can find this info I can add another set of checks based on Tor version where needed.
>
> Thanks for taking the dive into the code Coderman, more eyes are definitely better when dealing with this many lines of configurations.
>
> On January 20, 2016 3:54:43 AM PST, coderman <coderman@gmail.com> wrote:
>>On 1/19/16, Michael <strangerthanbland@gmail.com> wrote:
>>> Salutations Tor,
>>>
>>> I've something special to share with you all; regardless of if you're a node
>>> operator, hidden service provider, client or completely new to Tor
>>> installation and configurations... in short... a script pack aimed to
>>> install and configure the previously listed node types and then a little
>>> more.
>>> https://github.com/S0AndS0/Perinoid_Linux_Project
>>
>>interesting; thank you!
>>
>>
>>> ... Feel free to ask questions,
>>
>>i did not see a way for general preference of control socket, socks
>>socket, etc, over IP:Port in configs. this would be useful, but also
>>need graceful fallback as older Tor versions do not support socket
>>type for some services...  [codespelunking continues]
>>
>>
>>best regards,
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
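
The client port scheme from the quoted message (SocksPort 100${_tor_count}0, with the count taken from -C), written out with the kind of sanity checks the message says are still to be added. This is an added example, not code from the Perinoid_Linux_Project scripts; the function names socks_port_for and socks_lines, the node-type labels, and the choice to bind with the address:port form of SocksPort are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example; hypothetical helpers, not part of the project discussed above.

# socks_port_for <n>: the thread's scheme "SocksPort 100${_tor_count}0".
# Only n = 1..9 is accepted: n = 10 would give 100100, above the 65535
# ceiling for TCP ports, and a non-numeric n would corrupt the torrc.
socks_port_for() {
    case "$1" in
        [1-9]) printf '100%s0\n' "$1" ;;
        *)     return 1 ;;
    esac
}

# socks_lines <node_type> [count]
#   client              -> one loopback-bound SocksPort per instance
#   public_bridge, exit -> SocksPort 0 (no local SOCKS listener); exit also
#                          rejects all SOCKS clients, as the thread describes
socks_lines() {
    local type="$1" count="${2:-1}" i=1 port
    case "$type" in
        client)
            case "$count" in
                [1-9]) ;;
                *) echo "count must be 1-9, got: $count" >&2; return 1 ;;
            esac
            while [ "$i" -le "$count" ]; do
                port="$(socks_port_for "$i")" || return 1
                # Explicit loopback address: never listen on an external interface.
                printf 'SocksPort 127.0.0.1:%s\n' "$port"
                i=$((i + 1))
            done
            ;;
        public_bridge)
            printf 'SocksPort 0\n'
            ;;
        exit)
            printf 'SocksPort 0\nSocksPolicy reject *\n'
            ;;
        *)
            echo "unknown node type: $type" >&2
            return 1
            ;;
    esac
}

# Demonstration: the equivalent of the thread's -C=4.
socks_lines client 4
```
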

