Fix tor configuration parsing to avoid loading of secrets

3 years ago · a37645543f
parent 3434863f10
commit a37645543f
5 changed files with 389 additions and 391 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-0.4.4.7
+0.4.5.6
--- a/docker-compose.v3.yml
+++ b/docker-compose.v3.yml
@ -24,12 +24,8 @@ services:

    # Set secret for key, use the same name as the service
    secrets:
-      - source: foo
-        target: foo
-        mode: 0400
-      - source: bar
-        target: bar
-        mode: 0400
+      - foo
+      - bar

  hello:
    image: tutum/hello-world
--- a/onions/Onions.py
+++ b/onions/Onions.py
@ -113,9 +113,9 @@ class Setup(object):
        assert len(key) > 800
        self.setup[host]['key'] = key

-    def _load_keys_in_services(self):
+    def _load_keys_in_services(self, secret=True):
        for service in self.services:
-            service.load_key()
+            service.load_key(secret=secret)

    def _get_service(self, host, service):
        self._add_host(host)
@ -437,7 +437,7 @@ class Onions(Setup):
                    service.add_ports(service_dict['ports'])
                    if service not in group.services:
                        group.add_service(service)
-            self._load_keys_in_services()
+            self._load_keys_in_services(secret=False)

        if not os.path.exists(self.torrc):
            return
@ -489,16 +489,16 @@ def main():
    logging.getLogger().setLevel(logging.WARNING)
    try:
        onions = Onions()
-        if args.setup:
-            onions.setup_hosts()
-        else:
-            onions.torrc_parser()
        if args.vanguards:
            onions.run_vanguards()
            return
        if args.resolve_control_port:
            onions.resolve_control_port()
            return
+        if args.setup:
+            onions.setup_hosts()
+        else:
+            onions.torrc_parser()
    except BaseException as e:
        logging.exception(e)
        error_msg = str(e)
--- a/onions/Service.py
+++ b/onions/Service.py
@ -113,10 +113,11 @@ class ServicesGroup(object):
        with open(key_file, 'rb') as f:
            self._onion.set_private_key_from_file(f)

-    def load_key(self, override=False):
+    def load_key(self, override=False, secret=True):
        if self.imported_key and not override:
            return
-        self.load_key_from_secrets()
+        if secret:
+            self.load_key_from_secrets()
        self.load_key_from_conf()

    def load_key_from_secrets(self):
--- a/poetry.lock
+++ b/poetry.lock
 @ -1 +1 @@
 .4.4.7
 .4.5.6