Fix typo, add test for v2 secret key in env, fix docker build scripts

Makefile

@@ -1,12 +1,14 @@
 .EXPORT_ALL_VARIABLES:
 
 TOR_VERSION = $(shell bash last_tor_version.sh)
+CUR_COMMIT = $(shell git rev-parse --short HEAD)
+CUR_TAG = v$(TOR_VERSION)-$(CUR_COMMIT)
 
 test:
 	tox
 
 tag:
-	git tag v$(TOR_VERSION) -f
+	git tag $(CUR_TAG)
 
 release: test tag
 	git push origin --tags
@@ -19,6 +21,7 @@ build:
 	docker-compose -f docker-compose.build.yml build
 
 rebuild:
+	- echo rebuild with tor version $(TOR_VERSION)
 	docker-compose -f docker-compose.build.yml build --no-cache
 
 run: build
@@ -31,3 +34,6 @@ run-v2-socket: build
 
 run-v3: build
 	docker-compose -f docker-compose.v3.yml up --force-recreate
+
+run-v3-latest:
+	docker-compose -f docker-compose.v3.latest.yml up --force-recreate

README.md

@@ -22,7 +22,7 @@ services:
         # Set mapping ports
         HELLO_TOR_SERVICE_HOSTS: 80:hello:80,800:hello:80,8888:hello:80
         # Set private key
-        HELLO_TOR_SERVIVE_KEY: |
+        HELLO_TOR_SERVICE_KEY: |
             -----BEGIN RSA PRIVATE KEY-----
             MIICXQIBAAKBgQDR8TdQF9fDlGhy1SMgfhMBi9TaFeD12/FK27TZE/tYGhxXvs1C
             NmFJy1hjVxspF5unmUsCk0yEsvEdcAdp17Vynz6W41VdinETU9yXHlUJ6NyI32AH

assets/onions/onions/Service.py

@@ -8,6 +8,7 @@ import re
 
 from pytor import OnionV2
 from pytor import OnionV3
+from pytor.onion import EmptyDirException
 
 
 class ServicesGroup(object):
@@ -16,7 +17,6 @@ class ServicesGroup(object):
     version = None
     imported_key = False
     _default_version = 2
-    _imported_key = False
     _onion = None
     _hidden_service_dir = "/var/lib/tor/hidden_service/"
 
@@ -75,7 +75,7 @@ class ServicesGroup(object):
                 return service
 
     def add_key(self, key):
-        if self._imported_key:
+        if self.imported_key:
             logging.warning('Secret key already set, overriding')
         # Try to decode key from base64 encoding
         # import the raw data if the input cannot be decoded as base64
@@ -84,7 +84,7 @@ class ServicesGroup(object):
         except binascii.Error:
             pass
         self._onion.set_private_key(key)
-        self._imported_key = True
+        self.imported_key = True
 
     def __iter__(self):
         yield 'name', self.name
@@ -120,7 +120,7 @@ class ServicesGroup(object):
             self._onion.set_private_key_from_file(f)
 
     def load_key(self, override=False):
-        if self._imported_key and not override:
+        if self.imported_key and not override:
             return
         self.load_key_from_secrets()
         self.load_key_from_conf()
@@ -132,7 +132,7 @@ class ServicesGroup(object):
             return
         try:
             self._load_key(secret_file)
-            self._imported_key = True
+            self.imported_key = True
         except BaseException as e:
             logging.exception(e)
             logging.warning('Fail to load key from secret, '
@@ -144,7 +144,11 @@ class ServicesGroup(object):
             hidden_service_dir = self.hidden_service_dir
         if not os.path.isdir(hidden_service_dir):
             return
-        self._onion.load_hidden_service(hidden_service_dir)
+        try:
+            self._onion.load_hidden_service(hidden_service_dir)
+            self.imported_key = True
+        except EmptyDirException:
+            pass
 
     def gen_key(self):
         self.imported_key = False

assets/onions/tests/onions_test.py

@@ -208,6 +208,30 @@ def test_key(monkeypatch):
     assert onion.services[0].onion_url == onion_url
 
 
+def test_key_v2(monkeypatch):
+    key, onion_url = get_key_and_onion(version=2)
+    envs = [{
+        'GROUP1_TOR_SERVICE_HOSTS': '80:service1:80,81:service2:80',
+        'GROUP1_TOR_SERVICE_VERSION': '2',
+        'GROUP1_TOR_SERVICE_KEY': key,
+    }, {
+        'GROUP1_TOR_SERVICE_HOSTS': '80:service1:80,81:service2:80',
+        'GROUP1_TOR_SERVICE_KEY': key,
+    }]
+
+    for env in envs:
+        monkeypatch.setattr(os, 'environ', env)
+
+        onion = Onions()
+        onion._get_setup_from_env()
+        onion._load_keys_in_services()
+
+        assert len(os.environ) == len(env)
+        assert len(onion.services) == 1
+
+        assert onion.services[0].onion_url == onion_url
+
+
 def test_key_v3(monkeypatch):
     key, onion_url = get_key_and_onion(version=3)
     env = {

docker-compose.build.yml

@@ -4,7 +4,7 @@ version: "3.1"
 
 services:
   tor:
-    image: goldy/tor-hidden-service:$TOR_VERSION
+    image: goldy/tor-hidden-service:$CUR_TAG
     build:
       context: .
       args:

docker-compose.v1.yml

@@ -3,7 +3,7 @@
 # SEE README FOR INFORMATIONS
 
 tor:
-  image: goldy/tor-hidden-service:$TOR_VERSION
+  image: goldy/tor-hidden-service:$CUR_TAG
   links:
     - hello
     - world

docker-compose.v2.legacy.yml

@@ -4,7 +4,7 @@ version: "2"
 
 services:
   tor:
-    image: goldy/tor-hidden-service:$TOR_VERSION
+    image: goldy/tor-hidden-service:$CUR_TAG
     links:
       - hello
       - world

docker-compose.v2.socket.yml

@@ -4,7 +4,7 @@ version: "2"
 
 services:
   tor:
-    image: goldy/tor-hidden-service:$TOR_VERSION
+    image: goldy/tor-hidden-service:$CUR_TAG
     build: .
     links:
       - world

docker-compose.v2.yml

@@ -4,7 +4,7 @@ version: "2"
 
 services:
   tor:
-    image: goldy/tor-hidden-service:$TOR_VERSION
+    image: goldy/tor-hidden-service:$CUR_TAG
     links:
       - hello
       - world
@@ -13,7 +13,7 @@ services:
         # Set mapping ports
         HELLO_TOR_SERVICE_HOSTS: 80:hello:80,800:hello:80,8888:hello:80
         # Set private key
-        HELLO_TOR_SERVIVE_KEY: |
+        HELLO_TOR_SERVICE_KEY: |
             -----BEGIN RSA PRIVATE KEY-----
             MIICXQIBAAKBgQDR8TdQF9fDlGhy1SMgfhMBi9TaFeD12/FK27TZE/tYGhxXvs1C
             NmFJy1hjVxspF5unmUsCk0yEsvEdcAdp17Vynz6W41VdinETU9yXHlUJ6NyI32AH

docker-compose.v3.latest.yml

@@ -0,0 +1,54 @@
+# docker version 3 example
+
+version: "3.1"
+
+services:
+  tor:
+    image: goldy/tor-hidden-service:latest
+    links:
+      - hello
+      - world
+      - again
+    environment:
+        # Set version 3 on BAR group
+        BAR_TOR_SERVICE_HOSTS: '80:hello:80,88:world:80'
+        BAR_TOR_SERVICE_VERSION: '3'
+
+        # hello and again will share the same v2 onion_adress
+        FOO_TOR_SERVICE_HOSTS: '88:again:80,80:hello:80,800:hello:80,8888:hello:80'
+
+
+    # Keep keys in volumes
+    volumes:
+      - tor-keys:/var/lib/tor/hidden_service/
+
+    # Set secret for key, use the same name as the service
+    secrets:
+      - source: foo
+        target: foo
+        mode: 0400
+      - source: bar
+        target: bar
+        mode: 0400
+
+  hello:
+    image: tutum/hello-world
+    hostname: hello
+
+  world:
+    image: tutum/hello-world
+    hostname: world
+
+  again:
+    image: tutum/hello-world
+    hostname: again
+
+volumes:
+    tor-keys:
+        driver: local
+
+secrets:
+    foo:
+        file: ./private_key_foo_v2
+    bar:
+        file: ./private_key_bar_v3

docker-compose.v3.yml

@@ -4,7 +4,7 @@ version: "3.1"
 
 services:
   tor:
-    image: goldy/tor-hidden-service:$TOR_VERSION
+    image: goldy/tor-hidden-service:$CUR_TAG
     links:
       - hello
       - world

hooks/build

@@ -1,3 +1,5 @@
 #!/bin/bash
+v1="${SOURCE_BRANCH%-*}"
+tor_version=${v1:1}
 
-docker build --build-arg tor_version=${SOURCE_BRANCH:1} -f $DOCKERFILE_PATH -t $IMAGE_NAME .
+docker build --build-arg tor_version=${tor_version} -f $DOCKERFILE_PATH -t $IMAGE_NAME .

hooks/post_push

@@ -1,4 +1,4 @@
 #!/bin/bash
 
-docker tag $IMAGE_NAME ${repoName}:latest
-docker push ${repoName}:latest
+docker tag $IMAGE_NAME ${DOCKER_REPO}:latest
+docker push ${DOCKER_REPO}:latest