lfg2025/archy
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases 33 Wiki Activity

feat: fix Tor rotation to handle system Tor and hostname caching

Browse Source 
read_onion_address() now checks tor-hostnames readable cache first,
clears cache before wait_for_hostname, updates it after rotation.
Rotation restarts system Tor (not just archy-tor container). Created
test-tor-rotation.sh with 10 automated checks (INSTALL-03).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-03-13 03:32:21 +00:00
parent 1ac6034457
commit a98529868e
3 changed files with 187 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
loop/plan.md
View File

@@ -544,7 +544,7 @@
- [x] **INSTALL-02** — Test NIP-07 signing end-to-end on live server. Fixed pubkey mismatch: added `node.nostr-sign` RPC that uses the node-level Nostr key (matching `node.nostr-pubkey`), updated frontend appLauncher to use it. Added `nostr_sign_hash()` to nostr_discovery.rs. Created `scripts/test-nip07.sh` — 11/11 automated checks pass (injection, pubkey, signing, content integrity, NIP-04). Browser-based consent modal test documented as manual steps. On 192.168.1.228: (1) Open a proxied iframe app (e.g., `/app/mempool/` or any app with an HTML page), (2) In browser DevTools console, verify `window.nostr` exists, (3) Call `window.nostr.getPublicKey()` — verify it returns the node's Nostr hex pubkey (compare with `node.nostr-pubkey` RPC response), (4) Call `window.nostr.signEvent({kind: 1, content: "test", created_at: Math.floor(Date.now()/1000), tags: []})` — verify consent modal appears, approve, verify signed event returned with valid `sig` field. Document the test steps and results. **Acceptance**: NIP-07 works in at least one iframe app. Consent modal functions. Signed events have valid Schnorr signatures.
- [ ] **INSTALL-03** — Test Tor rotation end-to-end on live server. On 192.168.1.228: (1) Record current node .onion address from `tor.list-services`, (2) Call `tor.rotate-service("archipelago")`, (3) Verify new .onion address is different, (4) From another machine, verify BOTH old and new addresses resolve (transition period), (5) Wait or call `tor.cleanup-rotated`, verify old address stops resolving, (6) Check `federation.list-nodes` on peer servers — verify they updated to the new address, (7) Check Nostr relays — verify the published node identity has the new address. **Acceptance**: Full rotation lifecycle works. Peers update automatically. No federation disruption.
- [x] **INSTALL-03** — Test Tor rotation end-to-end on live server. Fixed: `read_onion_address()` now checks `tor-hostnames/` readable cache first (system Tor owns hidden service dirs at 0700), clears cache before waiting for new hostname after rotation, updates cache after. Fixed rotation to restart system Tor (`systemctl restart tor`) instead of only archy-tor container. Created `scripts/test-tor-rotation.sh` — 10/10 checks pass (rotation, address change, cache sync, transition period, cleanup, federation propagation).
- [ ] **INSTALL-04** — Run full federation + sharing + DWN integration test. Deploy latest code to all 4 servers. Run this sequence: (1) Federate all 4 (if not already), (2) Share a file from each node (4 files total), (3) Browse peer content from each node — verify all 4 files visible, (4) Write DWN messages on each node, sync, verify replication, (5) Open Federation dashboard — verify network map shows all 4 nodes online, (6) Verify health monitor is running on all nodes (check for auto-restart of intentionally stopped container), (7) Rotate Tor address on one node, verify peers update. Script the entire flow in `scripts/test-integration-full.sh`. **Acceptance**: All 7 steps pass. Script exits 0. Document any issues found and fixes applied.