2

I'm trying to build the following Dockerfile:

FROM alpine:latest
EXPOSE 9050 9051
RUN apk --update add tor
RUN echo "ControlPort 9051" >> /etc/tor/torrc
RUN password_hash=$(tor --hash-password "foo")
RUN echo "HashedControlPassword $password_hash" >> /etc/tor/torrc
CMD ["tor"]

I'm trying to add the line HashedControllPassword [pw] to /etc/tor/torrc, where [pw] is generated by the command tor --hash-password "foo". (I'm using "foo" as password in this example).

If I build the image using docker build --tag my_tor . and enter the command line using

docker run -it my_tor /bin/ash

and run cat /etc/tor/torrc, I see

ControlPort 9051
HashedControlPassword

In other words, in the end the torrc doesn't seem to contain the hashed password. However, similar commands in my Ubuntu terminal do work. Can anyone spot what the problem is?

Improve this question
1
  • 1
    Use ENV password_hash xxx or something similar, as What you do is only valid in this RUN and not later Commented Apr 28, 2017 at 16:01

1 Answer 1

Reset to default
3

You can use ARG

FROM alpine:latest
EXPOSE 9050 9051
ARG password
RUN apk --update add tor
RUN echo "ControlPort 9051" >> /etc/tor/torrc
RUN echo "HashedControlPassword $(tor --hash-password $password)" >> /etc/tor/torrc
CMD ["tor"]

And then build using:

docker build --build-arg password=foo Dockerfile

In general I would not bake password in an image. It would be better to provide those things when you run the container using -e.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

With this Dockerfile the second line of /etc/tor/torrc ends up as HashedControlPassword Apr 28 15:11:03.587 [warn] You are running Tor as root. You don't need to, and you probably shouldn't. 16:B93F54A5908CE0D7600AA8DA98933FD4BA5F903A71A83B776B1EF7F52A. So an entire warning message has been accidentally included. How can I prevent this?
Regarding my previous comment, the warning can be suppressed by using Tor's --quiet argument: tor --quiet --hash-password "foo".

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.