From: Nigko Yerden
To: 70341@debbugs.gnu.org
Subject: [bug#70341] [PATCH] gnu: Add support for pluggable transports to tor-service-type
Date: Thu, 11 Apr 2024 19:48:17 +0500
Message-ID: <11e72216f4be8b6559ecc04646fd722daa5dd09d.1712846897.git.nigko.yerden@gmail.com>

In Tor parlance pluggable transports are programs that disguise Tor
traffic, which is useful, e.g., for censorship circumvention. There are
several types of pluggable transports, e.g., obfs4 (lyrebird), meek,
Snowflake etc.

There are pluggable transport plugins in guix repo:
  go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird
  go-github-com-operatorfoundation-obfs4

This commit adds the following #:-fields to tor-configuration record type:
  transport-plugin? - /path/to/transport/plugin/binary (string) (default #f)
  pluggable-transport - type of pluggable transport (string) (default "obfs4")

Since tor process is run by shepherd service inside Linux namespaces, we
need to add path to transport plugin to the list of file system mappings
in the argument of list-authority-wrapper function.

Pluggable transports do not work without bridges, which can be obtained
from the official site https://bridges.torproject.org/. The user should
specify bridges in #:config-file field of the tor-configuration record.
For example, obfs4 bridges are specified as follows

Bridge obfs4 ...
Bridge obfs4 ...

Change-Id: I64e7632729287ea0ab27818bb7322fddae43de48
---
Hello Guix!

This is a bug-fix for https://lists.gnu.org/archive/html/bug-guix/2024-04/msg00093.html, see also https://lists.gnu.org/archive/html/bug-guix/2024-04/msg00093.html.

Best Regards,
Nigko Yerden

 gnu/services/networking.scm | 52 +++++++++++++++++++++++++------------
 1 file changed, 36 insertions(+), 16 deletions(-)

diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 8e64e529ab..b7d9a878e9 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -22,6 +22,7 @@ ;;; Copyright © 2023 Declan Tsien ;;; Copyright © 2023 Bruno Victal ;;; Copyright © 2023 muradm +;;; Copyright © 2024 Nigko Yerden ;;; ;;; This file is part of GNU Guix. ;;; @@ -955,7 +956,11 @@ (define-record-type* (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (default 'tcp)) (control-socket? tor-configuration-control-socket-path - (default #f))) + (default #f)) + (transport-plugin? tor-configuration-transport-plugin-path + (default #f)) + (pluggable-transport tor-configuration-pluggable-transport + (default "obfs4"))) (define %tor-accounts ;; User account and groups for Tor. 
@@ -988,7 +993,8 @@ (define-configuration/no-serialization tor-onion-service-configuration (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." (match-record config - (tor config-file hidden-services socks-socket-type control-socket?) + (tor config-file hidden-services socks-socket-type control-socket? + transport-plugin? pluggable-transport) (computed-file "torrc" (with-imported-modules '((guix build utils)) @@ -1027,6 +1033,13 @@ (define (tor-configuration->torrc config) (cons name mapping))) hidden-services)) + (when #$transport-plugin? + (format port "\ +UseBridges 1 +ClientTransportPlugin ~a exec ~a~%" + #$pluggable-transport + #$transport-plugin?)) + (display "\ ### End of automatically generated lines.\n\n" port) 
@@ -1039,23 +1052,30 @@ (define (tor-configuration->torrc config) (define (tor-shepherd-service config) "Return a running Tor." (let* ((torrc (tor-configuration->torrc config)) + (transport-plugin-path (tor-configuration-transport-plugin-path config)) (tor (least-authority-wrapper (file-append (tor-configuration-tor config) "/bin/tor") #:name "tor" - #:mappings (list (file-system-mapping - (source "/var/lib/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source "/dev/log") ;for syslog - (target source)) - (file-system-mapping - (source "/var/run/tor") - (target source) - (writable? #t)) - (file-system-mapping - (source torrc) - (target source))) + #:mappings (append + (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/dev/log") ;for syslog + (target source)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source torrc) + (target source))) + (if transport-plugin-path + (list (file-system-mapping + (source transport-plugin-path) + (target source))) + '())) #:namespaces (delq 'net %namespaces)))) (list (shepherd-service (provision '(tor)) base-commit: 4e7337536ba41e888a601c92fada8a4adca9d2c6 -- 2.41.0
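Review bot: In the define-record-type* hunk (@@ -955), the new field is named transport-plugin? but holds a path string, and its accessor is tor-configuration-transport-plugin-path. The trailing ? reads as a boolean and invites (transport-plugin? #t). The neighbouring control-socket? field already has the same mismatch, so consider naming the new field transport-plugin-path to match its accessor instead of extending that pattern. The diffstat shows only gnu/services/networking.scm changed, so the two new fields have no manual entry; please document them, including the requirement from the commit log that bridges are supplied through config-file.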
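Review bot: In the torrc hunk (@@ -1027), #$pluggable-transport and #$transport-plugin? are written into the ClientTransportPlugin line with ~a and no validation, so a value containing a space or a newline changes how tor parses the line or adds further directives inside the automatically generated part of torrc. Check here, or in a field sanitizer on the record, that the transport name contains no whitespace and that the plugin value is a single absolute path, and raise a configuration error otherwise. Also note that UseBridges 1 is emitted here while the Bridge lines have to come from config-file, so a configuration that sets only transport-plugin? produces a torrc with bridges enabled and none defined; a warning or a dedicated bridges field would make that visible.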
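Review bot: In the tor-shepherd-service hunk (@@ -1039), transport-plugin-path goes into (source transport-plugin-path) after only a truthiness test, so any non-#f value, including #t, is passed on as a mapping source; test that it is a string (or a file-like object, if those are meant to be accepted) before building the mapping. The added mapping has no (writable? #t), which is the right choice for an executable exposed inside the wrapper. The commit log refers to list-authority-wrapper while this hunk calls least-authority-wrapper; please correct the name in the log.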