Re: [PATCH] Add Tor client only package definition

[Andre Batista <nandre@riseup.net>]

[-- Attachment #1: Type: text/plain, Size: 5445 bytes --]

Hi Ludo,

dom 24 mai 2020 às 22:51:16 (1590371476), ludo@gnu.org enviou:
> Hi Andre,
> 
> What difference does it make, for instance in terms of the total size
> returned by “guix size tor-client” vs. “guix size tor”?

Considering only the total size, the difference doesn't appear to be
significant: 90.6 MiB vs 91.0 MiB. However, since most of it is relared
to gcc and glibc, I also thought it would be more accurate to compare
the difference between the binaries. Comparing those, there is a 8.5%
reduction on it's size - from 4120K to 3768K on my i686 machine[1].
On x86_64, it goes from 97.0MiB to 96.7MiB total size or 3840K to
3532K, which equals a reduction of 8.0% on the bin[2].

I did not try to emulate other architectures, but I can do it, if you
think the idea is worth.

> Are there other considerations, such as a reduced attack surface?

Other considerations were: not loading code which is not meant to be
used into memory, reducing the compilation and check time as well as
avoiding running relays by mistake (miunderstanding on ORPort or
copy+pasting old configs or config files found on the web).

AFAIUI, this could also mean a reduced attack surface, but I couldn't
think of a way of exploiting the relay module without relying on a
prior exploit. Maybe if the user is running a onion service or
through the SocksPort. I dont know.

> It looks good to me overall!  Some nitpicking:

I see you've been kind to me. Thank you.

> We’d rather use ‘substitute-keyword-arguments’ to augment
> #:configure-flags without touching the other keyword arguments (there
> are several examples in the source).

I've overlooked the warning on section 14.5.3 of guix manual
regarding Lispers tendency to overuse car, cdr cadr and co.

> We generally avoid concatenating text like this, for the reasons
> explained at:
> 
>   https://guix.gnu.org/manual/en/html_node/Synopses-and-Descriptions.html

And I've also overlooked this section.

> Regarding the format of patches, you can take a look at this:
> 
>   https://guix.gnu.org/manual/en/html_node/Submitting-Patches.html

This I had read, but I thought I could skip some of it since it was
not a new package, just a new flag through inheritance. But I
suppose I was just passing the burden onto others.

I'll send a new patch taking your warnings into account.

---

Notes:

1:
user@local ~$ guix size tor tor-client
store item                                                       total    self
/gnu/store/z4li262il798hbl0l1h1k3a5g7r6bffa-glibc-2.31              37.7    36.0  34.6%
/gnu/store/1527570cy2g7ld4wppmh3skvi27kvm43-gcc-7.5.0-lib           65.0    27.4  26.3%
/gnu/store/4c26h0fvk65ilqhq43gmyjwh9mkiwmwc-tor-0.4.3.5             91.0    13.5  13.0%
/gnu/store/9vrkzx403v1rzmgqiv2z8596b1fljl8h-tor-client-0.4.3.5      90.6    13.1  12.6%
/gnu/store/9p15ivj0lc5sd5ivizn8lnzh781lbbgr-openssl-1.1.1f          71.5     6.4   6.2%
/gnu/store/m21nvi8k4jqhdfxgra87zdri1xpdi8hy-libevent-2.1.11         67.2     2.2   2.1%
/gnu/store/izqg5ia1ci2xijfw6l1qmw4sylc4p9x9-bash-static-5.0.16       1.6     1.6   1.6%
/gnu/store/v1g7f3p4f0851mywrla8qmr9hb8jgfjr-bash-minimal-5.0.16     38.8     1.1   1.0%
/gnu/store/4zsgsg1x32nmwgm6dr5fbb9akkydkclz-zstd-1.4.4-lib          66.0     1.0   1.0%
/gnu/store/fwyjnzl9z55d9byzsn8nq8g0vlbxxmgn-xz-5.2.4                67.0     0.9   0.9%
/gnu/store/3ai13wmy7d8civi5xpvl9x0bm9qjfszx-libseccomp-2.4.3        65.6     0.6   0.6%
/gnu/store/pqyqxd5mbvlb22ifxzp4q2skjfq1p8yj-zlib-1.2.11             65.3     0.2   0.2%
total: 104.1 MiB
user@local ~$ ls -s /gnu/store/4c26h0fvk65ilqhq43gmyjwh9mkiwmwc-tor-0.4.3.5/bin/tor
4120 /gnu/store/4c26h0fvk65ilqhq43gmyjwh9mkiwmwc-tor-0.4.3.5/bin/tor
user@local ~$ ls -s /gnu/store/9vrkzx403v1rzmgqiv2z8596b1fljl8h-tor-client-0.4.3.5/bin/tor
3768 /gnu/store/9vrkzx403v1rzmgqiv2z8596b1fljl8h-tor-client-0.4.3.5/bin/tor

2:
store item                                                       total    self
/gnu/store/fa6wj5bxkj5ll1d7292a70knmyl7a0cr-glibc-2.31              38.4    36.7  33.4%
/gnu/store/01b4w3m6mp55y531kyi1g8shh722kwqm-gcc-7.5.0-lib           71.0    32.6  29.7%
/gnu/store/qjk52ii1gc05s1m89lrwrgnh4k1cl95b-tor-0.4.3.5             97.0    13.2  12.0%
/gnu/store/i5i84nxqrvqpv6gzi71iyjgsagv50543-tor-client-0.4.3.5      96.7    12.9  11.7%
/gnu/store/dkzivzn17qilmqdfpyps62b395wxhshh-openssl-1.1.1f          77.4     6.4   5.9%
/gnu/store/c7wscymmk379v16invi8m68f6v5c8gsv-libevent-2.1.11         73.3     2.3   2.1%
/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16       1.6     1.6   1.5%
/gnu/store/v04z33qas38iiv5ndasf4cw80kqyyr1r-zstd-1.4.4-lib          72.1     1.1   1.0%
/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16     39.4     1.0   0.9%
/gnu/store/r7k859hmcnkazf492fasqvk25jflnfk6-xz-5.2.4                73.0     0.9   0.8%
/gnu/store/5gc93y4n3f9p5sivp0i4f7ixqmqz3zpv-libseccomp-2.4.3        71.9     0.9   0.8%
/gnu/store/rykm237xkmq7rl1p0nwass01p090p88x-zlib-1.2.11             71.2     0.2   0.2%
total: 109.9 MiB
user@local ~$ ls -s /gnu/store/qjk52ii1gc05s1m89lrwrgnh4k1cl95b-tor-0.4.3.5/bin/tor
3840 /gnu/store/qjk52ii1gc05s1m89lrwrgnh4k1cl95b-tor-0.4.3.5/bin/tor
user@local ~$ ls -s /gnu/store/i5i84nxqrvqpv6gzi71iyjgsagv50543-tor-client-0.4.3.5/bin/tor
3532 /gnu/store/i5i84nxqrvqpv6gzi71iyjgsagv50543-tor-client-0.4.3.5/bin/tor


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 841 bytes --]