diff --git a/Makefile b/Makefile
index 0425904..3a0533e 100644
--- a/Makefile
+++ b/Makefile
@@ -1,12 +1,14 @@
 .EXPORT_ALL_VARIABLES:
 TOR_VERSION = $(shell bash last_tor_version.sh)
+CUR_COMMIT = $(shell git rev-parse --short HEAD)
+CUR_TAG = v$(TOR_VERSION)-$(CUR_COMMIT)
 test:
 tox
 tag:
- git tag v$(TOR_VERSION) -f
+ git tag $(CUR_TAG)
 release: test tag
 git push origin --tags
@@ -19,6 +21,7 @@ build:
 docker-compose -f docker-compose.build.yml build
 rebuild:
+ - echo rebuild with tor version $(TOR_VERSION)
 docker-compose -f docker-compose.build.yml build --no-cache
 run: build
@@ -31,3 +34,6 @@ run-v2-socket: build
 run-v3: build
 docker-compose -f docker-compose.v3.yml up --force-recreate
+
+run-v3-latest:
+ docker-compose -f docker-compose.v3.latest.yml up --force-recreate
diff --git a/README.md b/README.md
index 5f22304..e23038a 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ services:
 # Set mapping ports
 HELLO_TOR_SERVICE_HOSTS: 80:hello:80,800:hello:80,8888:hello:80
 # Set private key
- HELLO_TOR_SERVIVE_KEY: |
+ HELLO_TOR_SERVICE_KEY: |
 -----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQDR8TdQF9fDlGhy1SMgfhMBi9TaFeD12/FK27TZE/tYGhxXvs1C
 NmFJy1hjVxspF5unmUsCk0yEsvEdcAdp17Vynz6W41VdinETU9yXHlUJ6NyI32AH
diff --git a/assets/onions/onions/Service.py b/assets/onions/onions/Service.py
index 0db98aa..30638fe 100644
--- a/assets/onions/onions/Service.py
+++ b/assets/onions/onions/Service.py
@@ -8,6 +8,7 @@ import re
 from pytor import OnionV2
 from pytor import OnionV3
+from pytor.onion import EmptyDirException
 class ServicesGroup(object):
@@ -16,7 +17,6 @@ class ServicesGroup(object):
 version = None
 imported_key = False
 _default_version = 2
- _imported_key = False
 _onion = None
 _hidden_service_dir = "/var/lib/tor/hidden_service/"
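Review bot: `CUR_COMMIT` comes from `git rev-parse --short HEAD`, so `CUR_TAG` names the last commit even when the working tree has uncommitted changes, and an image built from a dirty tree would then carry a tag that does not describe its contents. To keep the tag traceable, `tag` could refuse to run on a dirty tree, for example with a first recipe line `git diff --quiet HEAD`. Both new variables also use recursive `=`, so the shell command is re-run on every expansion; `CUR_COMMIT := $(shell git rev-parse --short HEAD)` evaluates it once.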
@@ -75,7 +75,7 @@ class ServicesGroup(object):
 return service
 def add_key(self, key):
- if self._imported_key:
+ if self.imported_key:
 logging.warning('Secret key already set, overriding')
 # Try to decode key from base64 encoding
 # import the raw data if the input cannot be decoded as base64
@@ -84,7 +84,7 @@ class ServicesGroup(object):
 except binascii.Error:
 pass
 self._onion.set_private_key(key)
- self._imported_key = True
+ self.imported_key = True
 def __iter__(self):
 yield 'name', self.name
@@ -120,7 +120,7 @@ class ServicesGroup(object):
 self._onion.set_private_key_from_file(f)
 def load_key(self, override=False):
- if self._imported_key and not override:
+ if self.imported_key and not override:
 return
 self.load_key_from_secrets()
 self.load_key_from_conf()
@@ -132,7 +132,7 @@ class ServicesGroup(object):
 return
 try:
 self._load_key(secret_file)
- self._imported_key = True
+ self.imported_key = True
 except BaseException as e:
 logging.exception(e)
 logging.warning('Fail to load key from secret, '
@@ -144,7 +144,11 @@ class ServicesGroup(object):
 hidden_service_dir = self.hidden_service_dir
 if not os.path.isdir(hidden_service_dir):
 return
- self._onion.load_hidden_service(hidden_service_dir)
+ try:
+ self._onion.load_hidden_service(hidden_service_dir)
+ self.imported_key = True
+ except EmptyDirException:
+ pass
 def gen_key(self):
 self.imported_key = False
diff --git a/assets/onions/tests/onions_test.py b/assets/onions/tests/onions_test.py
index acc62b9..9a98626 100644
--- a/assets/onions/tests/onions_test.py
+++ b/assets/onions/tests/onions_test.py
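Review bot: In the `@@ -132` hunk the renamed flag is still set inside a `try` whose handler is `except BaseException as e:`, which also traps `KeyboardInterrupt` and `SystemExit` and reduces them to a log entry. `except Exception as e:` keeps the fall-back behaviour without swallowing interpreter shutdown. `logging.exception(e)` writes the full traceback; whether that can include key material depends on what `_load_key` raises, which is not visible here, so it is worth confirming. The function starts and ends outside the hunk.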
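Review bot: The new `except EmptyDirException: pass` in the `@@ -144` hunk discards the condition silently and leaves `imported_key` false; presumably a fresh key is generated afterwards and the onion address changes, though the caller is outside the hunk. A log line would make that visible to the operator: replace `pass` with `logging.info('No key found in %s', hidden_service_dir)`. Only the empty-directory case is handled, so a directory holding an unreadable or malformed key still raises from `load_hidden_service`; that looks like the right outcome but deserves a one-line comment. The enclosing function begins outside the hunk.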
@@ -208,6 +208,30 @@ def test_key(monkeypatch):
 assert onion.services[0].onion_url == onion_url
+def test_key_v2(monkeypatch):
+ key, onion_url = get_key_and_onion(version=2)
+ envs = [{
+ 'GROUP1_TOR_SERVICE_HOSTS': '80:service1:80,81:service2:80',
+ 'GROUP1_TOR_SERVICE_VERSION': '2',
+ 'GROUP1_TOR_SERVICE_KEY': key,
+ }, {
+ 'GROUP1_TOR_SERVICE_HOSTS': '80:service1:80,81:service2:80',
+ 'GROUP1_TOR_SERVICE_KEY': key,
+ }]
+
+ for env in envs:
+ monkeypatch.setattr(os, 'environ', env)
+
+ onion = Onions()
+ onion._get_setup_from_env()
+ onion._load_keys_in_services()
+
+ assert len(os.environ) == len(env)
+ assert len(onion.services) == 1
+
+ assert onion.services[0].onion_url == onion_url
+
+
 def test_key_v3(monkeypatch):
 key, onion_url = get_key_and_onion(version=3)
 env = {
diff --git a/docker-compose.build.yml b/docker-compose.build.yml
index 16863f5..06f095a 100644
--- a/docker-compose.build.yml
+++ b/docker-compose.build.yml
@@ -4,7 +4,7 @@ version: "3.1"
 services:
 tor:
- image: goldy/tor-hidden-service:$TOR_VERSION
+ image: goldy/tor-hidden-service:$CUR_TAG
 build:
 context: .
 args:
diff --git a/docker-compose.v1.yml b/docker-compose.v1.yml
index 84a9209..96e997f 100644
--- a/docker-compose.v1.yml
+++ b/docker-compose.v1.yml
@@ -3,7 +3,7 @@
 # SEE README FOR INFORMATIONS
 tor:
- image: goldy/tor-hidden-service:$TOR_VERSION
+ image: goldy/tor-hidden-service:$CUR_TAG
 links:
 - hello
 - world
diff --git a/docker-compose.v2.legacy.yml b/docker-compose.v2.legacy.yml
index 29726a2..b439cd6 100644
--- a/docker-compose.v2.legacy.yml
+++ b/docker-compose.v2.legacy.yml
@@ -4,7 +4,7 @@ version: "2"
 services:
 tor:
- image: goldy/tor-hidden-service:$TOR_VERSION
+ image: goldy/tor-hidden-service:$CUR_TAG
 links:
 - hello
 - world
diff --git a/docker-compose.v2.socket.yml b/docker-compose.v2.socket.yml
index 28f54ba..145df48 100644
--- a/docker-compose.v2.socket.yml
+++ b/docker-compose.v2.socket.yml
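Review bot: `test_key_v2` loops over two environments inside one test, so a failure does not say which case broke, and the second dict omits `GROUP1_TOR_SERVICE_VERSION` without stating that it is exercising the default version. A comment above the second dict, `# no VERSION set: must fall back to v2`, would record the intent. Splitting the cases with `@pytest.mark.parametrize` would report them separately, assuming pytest is imported in this file, which the hunk does not show.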
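Review bot: `image: goldy/tor-hidden-service:$CUR_TAG` in docker-compose.build.yml resolves only when compose is started through the Makefile, which exports `CUR_TAG`; started directly, the variable is unset and the image reference is left with an empty tag. The same line is changed in docker-compose.v1.yml, v2.legacy.yml, v2.socket.yml, v2.yml and v3.yml. The files without a `build:` key would also try to pull a `v<tor>-<commit>` tag, which exists in the registry only if that commit was released. A header comment in each file, such as `# run via make: CUR_TAG is exported by the Makefile`, would document the dependency.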
@@ -4,7 +4,7 @@ version: "2"
 services:
 tor:
- image: goldy/tor-hidden-service:$TOR_VERSION
+ image: goldy/tor-hidden-service:$CUR_TAG
 build: .
 links:
 - world
diff --git a/docker-compose.v2.yml b/docker-compose.v2.yml
index ed60dc0..5610480 100644
--- a/docker-compose.v2.yml
+++ b/docker-compose.v2.yml
@@ -4,7 +4,7 @@ version: "2"
 services:
 tor:
- image: goldy/tor-hidden-service:$TOR_VERSION
+ image: goldy/tor-hidden-service:$CUR_TAG
 links:
 - hello
 - world
@@ -13,7 +13,7 @@ services:
 # Set mapping ports
 HELLO_TOR_SERVICE_HOSTS: 80:hello:80,800:hello:80,8888:hello:80
 # Set private key
- HELLO_TOR_SERVIVE_KEY: |
+ HELLO_TOR_SERVICE_KEY: |
 -----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQDR8TdQF9fDlGhy1SMgfhMBi9TaFeD12/FK27TZE/tYGhxXvs1C
 NmFJy1hjVxspF5unmUsCk0yEsvEdcAdp17Vynz6W41VdinETU9yXHlUJ6NyI32AH
diff --git a/docker-compose.v3.latest.yml b/docker-compose.v3.latest.yml
new file mode 100644
index 0000000..94f5c15
--- /dev/null
+++ b/docker-compose.v3.latest.yml
@@ -0,0 +1,54 @@
+# docker version 3 example
+
+version: "3.1"
+
+services:
+ tor:
+ image: goldy/tor-hidden-service:latest
+ links:
+ - hello
+ - world
+ - again
+ environment:
+ # Set version 3 on BAR group
+ BAR_TOR_SERVICE_HOSTS: '80:hello:80,88:world:80'
+ BAR_TOR_SERVICE_VERSION: '3'
+
+ # hello and again will share the same v2 onion_adress
+ FOO_TOR_SERVICE_HOSTS: '88:again:80,80:hello:80,800:hello:80,8888:hello:80'
+
+
+ # Keep keys in volumes
+ volumes:
+ - tor-keys:/var/lib/tor/hidden_service/
+
+ # Set secret for key, use the same name as the service
+ secrets:
+ - source: foo
+ target: foo
+ mode: 0400
+ - source: bar
+ target: bar
+ mode: 0400
+
+ hello:
+ image: tutum/hello-world
+ hostname: hello
+
+ world:
+ image: tutum/hello-world
+ hostname: world
+
+ again:
+ image: tutum/hello-world
+ hostname: again
+
+volumes:
+ tor-keys:
+ driver: local
+
+secrets:
+ foo:
+ file: ./private_key_foo_v2
+ bar:
+ file: ./private_key_bar_v3
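Review bot: `image: goldy/tor-hidden-service:latest` in the new docker-compose.v3.latest.yml follows a tag that hooks/post_push re-points on every build, so this file runs whatever was pushed last while mounting the `tor-keys` volume and both key secrets. If the file is meant only as a smoke test of the published image, the header comment should say so, e.g. `# tracks :latest for testing; pin a version tag or digest for real deployments`. The `secrets:` entries read `./private_key_foo_v2` and `./private_key_bar_v3` from the working directory; these should be listed in .gitignore if they are not already, which cannot be seen from this diff.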
diff --git a/docker-compose.v3.yml b/docker-compose.v3.yml
index 00aa3ed..c37dc92 100644
--- a/docker-compose.v3.yml
+++ b/docker-compose.v3.yml
@@ -4,7 +4,7 @@ version: "3.1"
 services:
 tor:
- image: goldy/tor-hidden-service:$TOR_VERSION
+ image: goldy/tor-hidden-service:$CUR_TAG
 links:
 - hello
 - world
diff --git a/hooks/build b/hooks/build
index 2fa1f9c..7c84cd1 100644
--- a/hooks/build
+++ b/hooks/build
@@ -1,3 +1,5 @@
 #!/bin/bash
+v1="${SOURCE_BRANCH%-*}"
+tor_version=${v1:1}
-docker build --build-arg tor_version=${SOURCE_BRANCH:1} -f $DOCKERFILE_PATH -t $IMAGE_NAME .
+docker build --build-arg tor_version=${tor_version} -f $DOCKERFILE_PATH -t $IMAGE_NAME .
diff --git a/hooks/post_push b/hooks/post_push
index 004e4e8..e2acf11 100644
--- a/hooks/post_push
+++ b/hooks/post_push
@@ -1,4 +1,4 @@
 #!/bin/bash
-docker tag $IMAGE_NAME ${repoName}:latest
-docker push ${repoName}:latest
+docker tag $IMAGE_NAME ${DOCKER_REPO}:latest
+docker push ${DOCKER_REPO}:latest
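Review bot: In hooks/build the new `tor_version` is derived from `SOURCE_BRANCH`, a git ref name, and is passed to `docker build` unquoted, as are `$DOCKERFILE_PATH` and `$IMAGE_NAME`. Quote the expansions, `docker build --build-arg "tor_version=${tor_version}" -f "$DOCKERFILE_PATH" -t "$IMAGE_NAME" .`, and consider rejecting a value that does not look like a version before building. `${SOURCE_BRANCH%-*}` strips the last `-…` suffix, so a tag with no commit suffix whose version itself contains a dash would lose part of the version. hooks/post_push has the same unquoted expansions and no `set -e`, so `docker push` still runs if `docker tag` failed.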