From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id Ili+GuN96V7ceAAA0tVLHw (envelope-from ) for ; Wed, 17 Jun 2020 02:20:19 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id 4O9BFuN96V6zIgAAB5/wlQ (envelope-from ) for ; Wed, 17 Jun 2020 02:20:19 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id BD58C94051C for ; Wed, 17 Jun 2020 02:20:18 +0000 (UTC) Received: from localhost ([::1]:55754 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jlNgX-0007Gr-HY for larch@yhetil.org; Tue, 16 Jun 2020 22:20:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:39360) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jlNgJ-0007Ay-TZ for guix-devel@gnu.org; Tue, 16 Jun 2020 22:20:04 -0400 Received: from mx1.riseup.net ([198.252.153.129]:53512) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jlNgH-0002OK-LC; Tue, 16 Jun 2020 22:20:03 -0400 Received: from bell.riseup.net (bell-pn.riseup.net [10.0.1.178]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 49mpgM3WlDzFdx6; Tue, 16 Jun 2020 19:19:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1592360399; bh=Q1hbsQvivC+hFTs741wtENANV9SPFlntC6jcqE5Vy1A=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=iz5n72q79lMnLklN4fFGldg6wURHhxvsvqgoMpkr5/dyFnW54TbkA2TMDdRJ1t4KF wu6xmZ3mOGu5OPDQudPks2q21TAJFbv/Md0H7kQKZG+6hiJ+l9pTPZt9QOMnGef8Ap RzDut+pSdHK4BOdK2wNraVAlVWXXU3mgQQOavidE= X-Riseup-User-ID: B4D2351271D46EF1E2C72C6DA900F3DCD4257C066BD2686F1D0F3A669D032786 Received: from [127.0.0.1] (localhost [127.0.0.1]) by bell.riseup.net (Postfix) with ESMTPSA id 49mpgL2XpszJpc8; Tue, 16 Jun 2020 19:19:57 -0700 (PDT) Date: Tue, 16 Jun 2020 23:19:51 -0300 From: =?iso-8859-1?Q?Andr=E9?= Batista To: Brice Waegeneire Subject: Re: [bug#41694] [PATCH] doc: cookbook: Add entry about getting substitutes through Tor. Message-ID: <20200617021951.GA14644@andel> References: <87blmmkx87.fsf@gnu.org> <20200603191249.29382-1-brice@waegenei.re> <87367baua7.fsf@gnu.org> <5b7e576318d73e89ba5a9cafb6861061@waegenei.re> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="TakKZr9L6Hm6aLOc" Content-Disposition: inline In-Reply-To: <5b7e576318d73e89ba5a9cafb6861061@waegenei.re> Received-SPF: pass client-ip=198.252.153.129; envelope-from=nandre@riseup.net; helo=mx1.riseup.net X-detected-operating-system: by eggs.gnu.org: First seen = 2020/06/16 22:19:59 X-ACL-Warn: Detected OS = Linux 3.11 and newer X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=fail (rsa verify failed) header.d=riseup.net header.s=squak header.b=iz5n72q7; dmarc=fail reason="SPF not aligned (relaxed)" header.from=riseup.net (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Spam-Score: -1.41 X-TUID: s/Nw8CfW2A4f --TakKZr9L6Hm6aLOc Content-Type: multipart/mixed; boundary="d6Gm4EdcadzBjdND" Content-Disposition: inline --d6Gm4EdcadzBjdND Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hello Brice, I think it would be useful to warn users that when pulling there is a direct connection to guix git repos, so to route it through Tor, one needs to use torsocks. It wont make the configuration foolproof, but it will reduce the leaks to clearnet. --d6Gm4EdcadzBjdND Content-Type: text/plain; charset=utf-8 Content-Disposition: inline; filename="0001-doc-cookbook-Add-info-on-the-need-of-using-torsocks-.patch" Content-Transfer-Encoding: quoted-printable =46rom 6a73b1b1129d3d636d7a0559dffa19e5d40aaf0d Mon Sep 17 00:00:00 2001 =46rom: =3D?UTF-8?q?Andr=3DC3=3DA9=3D20Batista?=3D Date: Tue, 16 Jun 2020 23:13:03 -0300 Subject: [PATCH] doc: cookbook: Add info on the need of using torsocks when pulling. To: guix-devel@gnu.org * doc/guix-cookbook.texi (Getting substitutes from Tor): Add note at the end on using torsocks when pulling. --- doc/guix-cookbook.texi | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index 1342826c97..1852ce6c3a 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -15,6 +15,7 @@ Copyright @copyright{} 2020 Oleg Pykhalov@* Copyright @copyright{} 2020 Matthew Brooks@* Copyright @copyright{} 2020 Marcin Karpezo@* Copyright @copyright{} 2020 Brice Waegeneire@* +Copyright @copyright{} 2020 Andr=C3=A9 Batista@* =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -1802,7 +1803,7 @@ at your own risk. @end quotation =20 Guix's substitute server is available as a Onion service, if you want -to use it to get your substitutes from Tor configure your system as +to use it to get your substitutes through Tor configure your system as follow: =20 @lisp @@ -1843,6 +1844,11 @@ sudo herd set-http-proxy guix-daemon http://localhos= t:9250 guix build --substitute-urls=3Dhttps://bp7o7ckwlewr4slm.onion =E2=80=A6 @end example =20 +Note that the procedure described above applies only to package substituti= on. +When you update your guix distribution with @command{guix pull}, you should +use @command{torsocks} if you want to route the connection to guix git +repository servers through Tor. + @c ********************************************************************* @node Advanced package management @chapter Advanced package management --=20 2.26.2 --d6Gm4EdcadzBjdND-- --TakKZr9L6Hm6aLOc Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQI5BAABCgAjFiEEIBdLYNLH+F+MBdSrYrJ+WmBEwoIFAl7pfcQFgwPCZwAACgkQ YrJ+WmBEwoKBNA/9F+KIMApbxjcN6TXFQEqn3AW7KRwjv5JCJKmQVbN+B4ynIsHP 60KlNHKuUR/gQg3zbX20dj5wMuMioHXOwsZ7wE/oOpBY2KjfT+2pjIPle7ci673U abP1P+12P7FWsaPR17L0CUhiiGrHnACwoSGmTFjSyt52VuuMtLWeWgkeDx0rDa2s r7MhScuPD96F5iUFYyAH2miIuXFtOmvo33jVRo72m0SU31D2G9lTpCX/YwoFDxv0 qgqggKoJSeyFdbdPGNCbbGlji14DaePlHBW2ibhiC7NczOkG632SXKfQiIlAsYRc fWLoVIbOQhHLoxLSCboYhpa5wJlLRKun9129mwEgFPRjycqZ7YINvmiMvmP0AgML B5AN/3Wuv9RyBUHcEIrXnGcDWGYeKTzLQd9dPmkFbR2QUEV4Z+oCejDguLDFGPhR LuIIfFSjVrPTVkL5Hfvtr4p3Fu8s8BNbWV3sW8sQt4sKJ/bwXu5C2ytSwrLMWP7J y203DyS3ZJd/dSKQpmybOzJ+j/UVxoT29Cs6R86Ha4UoBxilFZQa/oriIEoO7xbW iKUYkarFXYZtF8EDBUxT0j50aJequtbGjE+6GSjDg+ZvkBWOQFzYnkwCRmbJdr9A un8nu/aNxVybfaOIp/oCPZKTy/JnuglKn8MARZyQ0lG7/6iEhzm/5Hm+wkY= =FAki -----END PGP SIGNATURE----- --TakKZr9L6Hm6aLOc--