From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id sKnzOYzywl5jVAAA0tVLHw (envelope-from ) for ; Mon, 18 May 2020 20:39:40 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id +MjvNYzywl41eQAAB5/wlQ (envelope-from ) for ; Mon, 18 May 2020 20:39:40 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id A4463940146 for ; Mon, 18 May 2020 20:39:40 +0000 (UTC) Received: from localhost ([::1]:41314 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jamXz-0008NS-Hj for larch@yhetil.org; Mon, 18 May 2020 16:39:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60910) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jamR8-0000L5-2W; Mon, 18 May 2020 16:32:38 -0400 Received: from relay3-d.mail.gandi.net ([217.70.183.195]:52379) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jamR6-0000AD-7s; Mon, 18 May 2020 16:32:33 -0400 Received: from webmail.gandi.net (webmail18.sd4.0x35.net [10.200.201.18]) (Authenticated sender: brice@waegenei.re) by relay3-d.mail.gandi.net (Postfix) with ESMTPA id BD76460003; Mon, 18 May 2020 20:32:20 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Mon, 18 May 2020 20:32:20 +0000 From: Brice Waegeneire To: =?UTF-8?Q?Ludovic_Court=C3=A8s?= Subject: Re: Routing Guix services traffic trough Tor In-Reply-To: <87blmmkx87.fsf@gnu.org> References: <887f7538354a77d0df85cb3f458ffac4@waegenei.re> <87blmmkx87.fsf@gnu.org> Message-ID: <7a5c99375e678397571a535641af0091@waegenei.re> X-Sender: brice@waegenei.re User-Agent: Roundcube Webmail/1.3.8 Received-SPF: pass client-ip=217.70.183.195; envelope-from=brice@waegenei.re; helo=relay3-d.mail.gandi.net X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/18 16:32:21 X-ACL-Warn: Detected OS = Linux 3.11 and newer X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org, Guix-devel Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Spam-Score: -1.01 X-TUID: uk2fkc7quV1D On 2020-05-17 22:33, Ludovic Courtès wrote: > Hi Brice, > > Brice Waegeneire skribis: > >> Today I played a bit with Tor and Guix, trying to fetch substitutes >> trough >> the Tor network as blaze_cornbread asked on IRC[0] how to do this. I >> managed to get it working but in the end I don't think we should >> encourage >> people doing it this way, that's why I haven't submitted a patch to >> the >> cookbook for it. Currently the only supported way to proxy traffic >> for >> 'guix-daemon' is by setting a HTTP proxy[1] the drawback is that DNS >> query >> will still be in clear and wont go trough the proxy in contrast to a >> SOCKS5 >> proxy where the query will happen on the other side of the proxy. > > I don’t think that’s the case: when an HTTP proxy is in use, clients > make a CONNECT or GET HTTP request to the proxy, which resolves the > host > name on their behalf. That’s why you can pass > ‘--substitute-urls=http://bp7o7ckwlewr4slm.onion’ and it Just Works. > > So I think you message could make a great section in the cookbook. :-) > > Thanks, > Ludo’.