[Whonix-devel] [Install] for static systemd unit file?

Patrick Schleizer patrick-mailinglists at whonix.org
Thu Mar 2 18:51:00 CET 2017

Felipe Sateler:
> On Wed, Mar 1, 2017 at 11:39 PM, Patrick Schleizer
> <patrick-mailinglists at whonix.org> wrote:
>> Felipe Sateler:
>>> On Wed, Mar 1, 2017 at 9:50 PM, Patrick Schleizer
>>> <patrick-mailinglists at whonix.org> wrote:
>>>> Felipe Sateler:
>>>>> On Wed, Mar 1, 2017 at 5:51 PM, Patrick Schleizer
>>>>> <patrick-mailinglists at whonix.org> wrote:
>>>>>> Michael Biebl:
>>>>>>> On 01.03.2017 at 21:35, Patrick Schleizer wrote:
>>>>>>>> Hi!
>>>>>>>> TLDR:
>>>>>>>> What should the [Install] section for a static systemd unit file look like?
>>>>>>> The obvious question is: why does this service need to be statically
>>>>>>> enabled?
>>>>>> Given the example... With this socket / service file combination, I
>>>>>> wouldn't know how to enable the service non-statically.
>>>>> WantedBy=multi-user.target
>>>>>> In the current
>>>>>> implementation it looks to me right, and works.
>>>>>> I am still interested to do things the right way. Hence, I am asking
>>>>>> here for advice.
>>>>> Is there a reason you *don't* want to start your service until it is
>>>>> activated?
>>>> Right.
>>>> (And the reason is, there will be many such redirection sockets /
>>>> services. Many ports will not be used ever by lots of users. This saves
>>>> some RAM and perhaps boot speed. Also reduces noise from 'ps' (not loads
>>>> of duplicate systemd-socket-proxyd processes). Apparently '.socket'
>>>> files, systemd socket activation and systemd-socket-proxyd are fast. No
>>>> noticeable performance penalty in this use case.)
>>> Then you should make sure the service stops when there is no more
>>> input coming in for a while. The socket will continue listening, and
>>> when new traffic arrives, your service will be restarted.
>> That makes a lot of sense. I would like to do that.
>> Apparently systemd-socket-proxyd has no timeout option.
>> https://www.freedesktop.org/software/systemd/man/systemd-socket-proxyd.html
>> I wouldn't know how to do that.
> If your real server closes the connection, and the client does too,
> the socket proxy should shut itself down. I'm not 100% sure but that's
> what I read from a quick look at the sources.

The client is apt-get. The server on the remote side is Tor.

apt-get closes the connection. So should Tor be doing. However, Tor on
the remote side will keep listening. (Even when I stop Tor on the
remote side, the redirection service keeps running.)

> BTW, I see no relation from your proxy unit and the real unit. In
> particular, adding Requires= is very useful:
> 1. This means the target unit will be started if not already running
> (I think you already want this).
> 2. If the target unit exits, it brings down the socket proxy (that is,
> systemd also stops the socket proxy).

Added that. Thanks!
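
The layout discussed in this thread, as an added example that is not part of the original message and not Whonix's own unit files: a socket unit that carries the [Install] section, and a static systemd-socket-proxyd service tied to the real unit with Requires=. The unit names, addresses and ports are hypothetical, and the backend is assumed to be a local unit.

```ini
# --- /etc/systemd/system/example-redirect.socket (hypothetical name) ---
[Unit]
Description=Listening socket for the example redirection

[Socket]
# Constructed address: accept connections from the local host only
ListenStream=127.0.0.1:8080

[Install]
# Only the socket is enabled; systemd listens on it from boot onwards
WantedBy=sockets.target

# --- /etc/systemd/system/example-redirect.service (hypothetical name) ---
[Unit]
Description=systemd-socket-proxyd for the example redirection
# Starting the proxy also starts the real server if it is not running,
# and stopping the real server makes systemd stop the proxy as well
Requires=example-backend.service
After=example-backend.service
# The listening socket is inherited from the matching .socket unit
Requires=example-redirect.socket
After=example-redirect.socket

[Service]
# Path as on Debian; other distributions use /usr/lib/systemd/
# Constructed target: the address the backend really listens on
ExecStart=/lib/systemd/systemd-socket-proxyd 127.0.0.1:8081
# systemd 246 and later also accept --exit-idle-time=<timespan> here,
# which makes the proxy exit once it has had no connections for that
# long; the socket keeps listening and restarts it on the next one.

# No [Install] section: the service stays "static" and is started
# only by socket activation, never by "systemctl enable".
```

After "systemctl enable --now example-redirect.socket", "systemctl is-enabled example-redirect.service" is expected to report "static".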
