From: Chris Marusich
Subject: [bug#32346] [PATCH 6/6] services: tor: Make it easier to use UNIX sockets.
Date: Wed, 1 Aug 2018 23:51:59 -0700
* doc/guix.texi (Networking Services): Document it, and mention that
tor-service is deprecated.
* gnu/services/networking.scm (<tor-configuration>) <socks-socket-type>:
New field.
(tor-configuration->torrc): When socks-socket-type is 'unix, set
SocksPort to UNIX domain socket /var/run/tor/socks-sock and set
UnixSocksGroupWritable to 1.
* gnu/tests/networking.scm (%tor-os/unix-socks-socket): Instead of using
a custom config file, just set socks-socket-type to 'unix.
---
doc/guix.texi | 52 ++++++++++++++++++++++++++++++++-----
gnu/services/networking.scm | 10 +++++--
gnu/tests/networking.scm | 8 +-----
3 files changed, 54 insertions(+), 16 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 080b091b3..c72b1e480 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -11445,16 +11445,54 @@ detailed discussion of each configuration field.
@end deftp
@cindex Tor
address@hidden {Scheme Procedure} tor-service address@hidden [#:tor @var{tor}]
-Return a service to run the @uref{https://torproject.org, Tor} anonymous
-networking daemon.
address@hidden {Scheme Variable} tor-service-type
+This is the type for a service that runs the @uref{https://torproject.org,
+Tor} anonymous networking daemon. The service is configured using a
address@hidden<tor-configuration>} record. By default, the TOR daemon runs as
the
address@hidden unprivileged user, which is a member of the @code{tor} group.
+
address@hidden defvr
-The daemon runs as the @code{tor} unprivileged user. It is passed
address@hidden, a file-like object, with an additional @code{User tor} line
-and lines for hidden services added via @code{tor-hidden-service}. Run
address@hidden tor} for information about the configuration file.
address@hidden {Scheme Procedure} tor-service address@hidden [#:tor @var{tor}]
+This procedure is deprecated and will be removed in a future release. Return
+a service of the @code{tor-service-type} type. @var{config-file} and
address@hidden have the same meaning as in @code{<tor-configuration>}.
@end deffn
address@hidden {Data Type} tor-configuration
address@hidden @asis
address@hidden @code{tor} (default: @code{tor})
+The package that provides the TOR daemon. This package is expected to provide
+the daemon at @file{bin/tor} relative to its output directory. The default
+package is the @uref{https://www.torproject.org, TOR Project's}
+implementation.
address@hidden @code{config-file} (default: @code{(plain-file "empty" "")})
+The configuration file to use. It will be appended to a default configuration
+file, and the final configuration file will be passed to @code{tor} via its
address@hidden option. This may be any ``file-like'' object
(@pxref{G-Expressions,
+file-like objects}). See @code{man tor} for details on the configuration file
+syntax.
address@hidden @code{hidden-services} (default: @code{'()})
+The list of @code{<hidden-service>} records to use. For any hidden service
+you include in this list, appropriate configuration to enable the hidden
+service will be automatically added to the default configuration file. You
+may conveniently create @code{<hidden-service>} records using the
address@hidden procedure described below.
address@hidden @code{socks-socket-type} (default: @code{'tcp})
+The default socket type that TOR should use for its SOCKS socket. This must
+be either @code{'tcp} or @code{'unix}. If it is @code{'tcp}, then by default
+TOR will listen on TCP port 9050 on the loopback interface (i.e., localhost).
+If it is @code{'unix}, then TOR will listen on the UNIX domain socket
address@hidden/var/run/tor/socks-sock}, which will be made writable by members
of the
address@hidden group.
+
+If you want to customize the SOCKS socket in more detail, leave
address@hidden at its default value of @code{'tcp} and use
address@hidden to override the default by providing your own
address@hidden option.
address@hidden table
address@hidden deftp
+
@cindex hidden service
@deffn {Scheme Procedure} tor-hidden-service @var{name} @var{mapping}
Define a new Tor @dfn{hidden service} called @var{name} and implementing
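Review bot: the new documentation text is inconsistent about the project name: the existing @cindex entry and deffn text say "Tor", while the added @defvr and @deftp paragraphs say "TOR" ("the TOR daemon", "TOR will listen on TCP port 9050"). Tor is not an acronym, so "Tor" should be used throughout. The @code{socks-socket-type} entry should also spell out the access implication of the @code{'unix} setting: because the socket is made writable by the @code{tor} group, every account in that group can drive the SOCKS proxy, so the guidance to give is "add the users that need the proxy to the @code{tor} group", not to relax the socket mode via @code{config-file}. Suggested wording after "writable by members of the @code{tor} group": "Add any user that should be able to use the proxy to that group."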
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 9523f97f6..a7f722807 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -577,7 +577,9 @@ demand.")))
(config-file tor-configuration-config-file
(default (plain-file "empty" "")))
(hidden-services tor-configuration-hidden-services
- (default '())))
+ (default '()))
+ (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
+ (default 'tcp)))
(define %tor-accounts
;; User account and groups for Tor.
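Review bot: the comment on the new field says the value is 'tcp or 'unix, but nothing enforces it. Since tor-configuration->torrc only tests for 'unix, a misspelt or unexpected value (say 'Unix or 'unix-socket) silently falls through to Tor's default TCP listener on port 9050, the opposite of what the user asked for. Suggest validating the field at configuration time, for example with a sanitize clause on the field (or an explicit check in the generator) that raises an error unless the value is one of '(tcp unix).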
@@ -599,7 +601,7 @@ demand.")))
(define (tor-configuration->torrc config)
"Return a 'torrc' file for CONFIG."
(match config
- (($ <tor-configuration> tor config-file services)
+ (($ <tor-configuration> tor config-file services socks-socket-type)
(computed-file
"torrc"
(with-imported-modules '((guix build utils))
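Review bot: the positional pattern `($ <tor-configuration> tor config-file services socks-socket-type)` only works because the new field was appended as the last field of the record; a field added anywhere else later would silently shift every binding after it. Using the accessors (tor-configuration-config-file, tor-configuration-socks-socket-type, and so on) instead of positional matching would make the generator robust to such changes.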
@@ -615,6 +617,10 @@ User tor
DataDirectory /var/lib/tor
PidFile /var/run/tor/tor.pid
Log notice syslog\n" port)
+ (when (eq? 'unix '#$socks-socket-type)
+ (display "\
+SocksPort unix:/var/run/tor/socks-sock
+UnixSocksGroupWritable 1\n" port))
(for-each (match-lambda
((service (ports hosts) ...)
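Review bot: the `(when (eq? 'unix '#$socks-socket-type) ...)` test is evaluated inside the gexp at build time although the value is already known when the configuration is turned into a torrc; computing the extra lines with ordinary Scheme before the gexp and splicing the resulting string in with #$ would keep the builder simpler and make the 'tcp case emit nothing at all. The behaviour also deserves a comment in the code: an explicit SocksPort line replaces Tor's default TCP listener on 9050, so with 'unix the group-writable socket at /var/run/tor/socks-sock becomes the only SOCKS entry point, and UnixSocksGroupWritable 1 means every member of the tor group can use it.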
diff --git a/gnu/tests/networking.scm b/gnu/tests/networking.scm
index b332ec3cf..06d6250b8 100644
--- a/gnu/tests/networking.scm
+++ b/gnu/tests/networking.scm
@@ -354,13 +354,7 @@ subnet 192.168.1.0 netmask 255.255.255.0 {
(simple-operating-system
(service tor-service-type
(tor-configuration
- (config-file
- (plain-file "test-torrc"
- "\
-SocksPort unix:/var/run/tor/socks-sock
-UnixSocksGroupWritable 1
-")
- )))))
+ (socks-socket-type 'unix)))))
(define (run-tor-test)
(define os
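Review bot: with the explicit torrc removed, the test no longer states the socket path it depends on; it silently relies on /var/run/tor/socks-sock in tor-configuration->torrc matching whatever run-tor-test waits for, so a future change to that path in the service would break the test in a non-obvious way. Suggest exporting the path as a single constant shared by the service and the test. It would also be worth adding an assertion for the 'unix case that no TCP SOCKS listener is open on port 9050, since replacing the TCP listener with the UNIX socket is the property this mode is meant to provide.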
--
2.18.0