unofficial mirror of guix-patches@gnu.org 
From: Nigko Yerden <nigko.yerden@gmail.com>
To: 70341@debbugs.gnu.org
Cc: Nigko Yerden <nigko.yerden@gmail.com>
Subject: [bug#70341] [PATCH] gnu: Add support for pluggable transports to tor-service-type
Date: Thu, 11 Apr 2024 19:48:17 +0500
Message-ID: <11e72216f4be8b6559ecc04646fd722daa5dd09d.1712846897.git.nigko.yerden@gmail.com>

In Tor parlance pluggable transports are programs that disguise
Tor traffic, which is useful, e.g., for censorship circumvention.
There are several types of pluggable transports, e.g.,
obfs4 (lyrebird), meek, Snowflake etc.

There are pluggable transport plugins in guix repo:
go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
go-github-com-operatorfoundation-obfs4

This commit adds the following #:-fields to tor-configuration
record type:

transport-plugin?   - /path/to/transport/plugin/binary (string)
		      (default #f)

pluggable-transport - type of pluggable transport (string)
		      (default "obfs4")

Since the tor process is run by a shepherd service inside Linux
namespaces, we need to add the path to the transport plugin to
the list of file system mappings in the argument of the
least-authority-wrapper function.

Pluggable transports do not work without bridges,
which can be obtained from the official site
https://bridges.torproject.org/. The user should specify
bridges in #:config-file field of the tor-configuration
record. For example, obfs4 bridges are specified as follows:

Bridge obfs4  ...
Bridge obfs4  ...

Change-Id: I64e7632729287ea0ab27818bb7322fddae43de48
---
Hello Guix!

This is a bug-fix for
https://lists.gnu.org/archive/html/bug-guix/2024-04/msg00093.html,
see also
https://lists.gnu.org/archive/html/bug-guix/2024-04/msg00093.html.


Best Regards,
Nigko Yerden

 gnu/services/networking.scm | 52 +++++++++++++++++++++++++------------
 1 file changed, 36 insertions(+), 16 deletions(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 8e64e529ab..b7d9a878e9 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -22,6 +22,7 @@
 ;;; Copyright © 2023 Declan Tsien <declantsien@riseup.net>
 ;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu>
 ;;; Copyright © 2023 muradm <mail@muradm.net>
+;;; Copyright © 2024 Nigko Yerden <nigko.yerden@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -955,7 +956,11 @@ (define-record-type* <tor-configuration>
   (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
                      (default 'tcp))
   (control-socket?  tor-configuration-control-socket-path
-                    (default #f)))
+                    (default #f))
+  (transport-plugin? tor-configuration-transport-plugin-path
+                    (default #f))
+  (pluggable-transport tor-configuration-pluggable-transport
+                    (default "obfs4")))
 
 (define %tor-accounts
   ;; User account and groups for Tor.
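Review bot: The new `transport-plugin?` field carries a `?` suffix, which reads as a boolean, yet per the commit message it holds a path string and its accessor is already named `tor-configuration-transport-plugin-path`. Renaming the field to `transport-plugin-path` would match the accessor and keep a user from writing `(transport-plugin? #t)`, which the later hunks would pass through as the plugin path in torrc and as a file-system mapping source. The existing `control-socket?` field in the context lines has the same mismatch, but that is not a reason to repeat it. The diffstat shows a single file changed, so both new fields, including the `"obfs4"` default of `pluggable-transport`, are documented only in the commit message; a manual entry should come with them.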
@@ -988,7 +993,8 @@ (define-configuration/no-serialization tor-onion-service-configuration
 (define (tor-configuration->torrc config)
   "Return a 'torrc' file for CONFIG."
   (match-record config <tor-configuration>
-    (tor config-file hidden-services socks-socket-type control-socket?)
+    (tor config-file hidden-services socks-socket-type control-socket?
+         transport-plugin? pluggable-transport)
     (computed-file
      "torrc"
      (with-imported-modules '((guix build utils))
@@ -1027,6 +1033,13 @@ (define (tor-configuration->torrc config)
                                     (cons name mapping)))
                                  hidden-services))
 
+               (when #$transport-plugin?
+                 (format port "\
+UseBridges 1
+ClientTransportPlugin ~a exec ~a~%"
+                         #$pluggable-transport
+                         #$transport-plugin?))
+
                (display "\
 ### End of automatically generated lines.\n\n" port)
 
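Review bot: In the added `format` call, `#$pluggable-transport` and `#$transport-plugin?` are written into torrc with `~a` and no validation, so a value containing whitespace or a newline turns into extra arguments after `exec` or into additional torrc lines. Check that both are single-token strings before emitting the line, or accept a file-like object for the plugin so the gexp lowers it to a store path. Separately, `UseBridges 1` is emitted whenever the plugin is set, while the `Bridge` lines come only from the user's config-file; a dedicated bridges field, or a clear error when the plugin is set without bridges, would keep the generated section consistent with what the commit message says pluggable transports require.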
@@ -1039,23 +1052,30 @@ (define (tor-configuration->torrc config)
 (define (tor-shepherd-service config)
   "Return a <shepherd-service> running Tor."
   (let* ((torrc (tor-configuration->torrc config))
+         (transport-plugin-path (tor-configuration-transport-plugin-path config))
          (tor   (least-authority-wrapper
                  (file-append (tor-configuration-tor config) "/bin/tor")
                  #:name "tor"
-                 #:mappings (list (file-system-mapping
-                                   (source "/var/lib/tor")
-                                   (target source)
-                                   (writable? #t))
-                                  (file-system-mapping
-                                   (source "/dev/log") ;for syslog
-                                   (target source))
-                                  (file-system-mapping
-                                   (source "/var/run/tor")
-                                   (target source)
-                                   (writable? #t))
-                                  (file-system-mapping
-                                   (source torrc)
-                                   (target source)))
+                 #:mappings (append
+                             (list (file-system-mapping
+                                    (source "/var/lib/tor")
+                                    (target source)
+                                    (writable? #t))
+                                   (file-system-mapping
+                                    (source "/dev/log") ;for syslog
+                                    (target source))
+                                   (file-system-mapping
+                                    (source "/var/run/tor")
+                                    (target source)
+                                    (writable? #t))
+                                   (file-system-mapping
+                                    (source torrc)
+                                    (target source)))
+                             (if transport-plugin-path
+                                 (list (file-system-mapping
+                                        (source transport-plugin-path)
+                                        (target source)))
+                                 '()))
                  #:namespaces (delq 'net %namespaces))))
     (list (shepherd-service
            (provision '(tor))
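Review bot: The added `file-system-mapping` exposes only `transport-plugin-path` itself inside the namespace, so a plugin that needs anything outside that path (shared libraries, helper files) will not find it when tor tries to exec it. Taking the plugin as a file-like object, so that what it references can be mapped too, or stating that the path must be self-contained, would address this. Because the value is an arbitrary string, it also lets a configuration map any host path into the tor sandbox; a check that it names a single executable file rather than a directory is worth adding. Leaving `writable?` unset here is right for an executable. The `let*` binding is named `transport-plugin-path` while the field is `transport-plugin?`; pick one name.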

base-commit: 4e7337536ba41e888a601c92fada8a4adca9d2c6
-- 
2.41.0





Thread overview: 5+ messages
2024-04-11 14:48 Nigko Yerden [this message]
2024-04-20 14:43 ` [bug#70341] [PATCH v2] services: tor: Add support for pluggable transports Nigko Yerden
2024-04-22  3:58 ` [bug#70341] [PATCH v3] " Nigko Yerden
     [not found]   ` <Zil1buljj2AfL2zL@andel>
2024-04-25  6:08     ` Nigko Yerden
2024-04-30  9:13       ` Nigko Yerden
