From: Chris Marusich <cmmarusich@gmail.com>
To: 32346@debbugs.gnu.org
Cc: Chris Marusich <cmmarusich@gmail.com>
Subject: [bug#32346] [PATCH 1/6] services: tor: Add a system test.
Date: Wed, 1 Aug 2018 23:51:54 -0700 [thread overview]
Message-ID: <20180802065159.20413-1-cmmarusich@gmail.com> (raw)
In-Reply-To: <20180802064520.20273-1-cmmarusich@gmail.com>
* gnu/services/networking.scm (tor-configuration->torrc): Set PidFile to
/var/run/tor/tor.pid in the base torrc configuration.
(tor-shepherd-service) <start>: Call make-forkexec-constructor/container with
a new #:pid-file argument to tell Shepherd where to find the PID file. Add a
a new <file-system-mapping> to its existing #:mappings argument to share
/var/run/tor with the the container.
(tor-hidden-services-activation): Update docstring. Create /var/run/tor and
set its permissions so only the tor user can access it.
* gnu/tests/networking.scm (%test-tor, %tor-os): New variables.
(run-tor-test): New procedure.
---
gnu/services/networking.scm | 20 +++++++++++--
gnu/tests/networking.scm | 56 ++++++++++++++++++++++++++++++++++++-
2 files changed, 73 insertions(+), 3 deletions(-)
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index d5d0cf9d1..bd79e6589 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -7,6 +7,7 @@
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -612,6 +613,7 @@ demand.")))
### These lines were generated from your system configuration:
User tor
DataDirectory /var/lib/tor
+PidFile /var/run/tor/tor.pid
Log notice syslog\n" port)
(for-each (match-lambda
@@ -665,12 +667,17 @@ HiddenServicePort ~a ~a~%"
(writable? #t))
(file-system-mapping
(source "/dev/log") ;for syslog
- (target source)))))
+ (target source))
+ (file-system-mapping
+ (source "/var/run/tor")
+ (target source)
+ (writable? #t)))
+ #:pid-file "/var/run/tor/tor.pid"))
(stop #~(make-kill-destructor))
(documentation "Run the Tor anonymous network overlay."))))))))
(define (tor-hidden-service-activation config)
- "Return the activation gexp for SERVICES, a list of hidden services."
+ "Set up directories for TOR and its hidden services, if any."
#~(begin
(use-modules (guix build utils))
@@ -686,6 +693,15 @@ HiddenServicePort ~a ~a~%"
;; The daemon bails out if we give wider permissions.
(chmod directory #o700)))
+ ;; Allow TOR to write its PID file.
+ (mkdir-p "/var/run/tor")
+ (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user))
+ ;; Set the group permissions to rw so that if the system administrator
+ ;; has specified UnixSocksGroupWritable=1 in their torrc file, members
+ ;; of the "tor" group will be able to use the SOCKS socket.
+ (chmod "/var/run/tor" #o750)
+
+ ;; Allow TOR to access the hidden services' directories.
(mkdir-p "/var/lib/tor")
(chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user))
(chmod "/var/lib/tor" #o700)
diff --git a/gnu/tests/networking.scm b/gnu/tests/networking.scm
index 323679e7f..c9a4f5463 100644
--- a/gnu/tests/networking.scm
+++ b/gnu/tests/networking.scm
@@ -30,7 +30,7 @@
#:use-module (gnu packages bash)
#:use-module (gnu packages networking)
#:use-module (gnu services shepherd)
- #:export (%test-inetd %test-openvswitch %test-dhcpd))
+ #:export (%test-inetd %test-openvswitch %test-dhcpd %test-tor))
(define %inetd-os
;; Operating system with 2 inetd services.
@@ -339,3 +339,57 @@ subnet 192.168.1.0 netmask 255.255.255.0 {
(name "dhcpd")
(description "Test a running DHCP daemon configuration.")
(value (run-dhcpd-test))))
+
+\f
+;;;
+;;; Services related to TOR
+;;;
+
+(define %tor-os
+ (simple-operating-system
+ (tor-service)))
+
+(define (run-tor-test)
+ (define os
+ (marionette-operating-system %tor-os
+ #:imported-modules '((gnu services herd))
+ #:requirements '(tor)))
+
+ (define test
+ (with-imported-modules '((gnu build marionette))
+ #~(begin
+ (use-modules (gnu build marionette)
+ (ice-9 popen)
+ (ice-9 rdelim)
+ (srfi srfi-64))
+
+ (define marionette
+ (make-marionette (list #$(virtual-machine os))))
+
+ (mkdir #$output)
+ (chdir #$output)
+
+ (test-begin "tor")
+
+ (test-assert "tor is alive"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd)
+ (srfi srfi-1))
+ (live-service-running
+ (find (lambda (live)
+ (memq 'tor
+ (live-service-provision live)))
+ (current-services))))
+ marionette))
+
+ (test-end)
+ (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+ (gexp->derivation "tor-test" test))
+
+(define %test-tor
+ (system-test
+ (name "tor")
+ (description "Test a running TOR daemon configuration.")
+ (value (run-tor-test))))
--
2.18.0
next prev parent reply other threads:[~2018-08-02 6:54 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-02 6:45 [bug#32346] [PATCH 0/6] TOR via Unix domain SOCKS socket Chris Marusich
2018-08-02 6:51 ` Chris Marusich [this message]
2018-08-02 6:51 ` [bug#32346] [PATCH 2/6] services: tor: Rename activation procedure Chris Marusich
2018-08-20 20:03 ` Ludovic Courtès
2018-08-02 6:51 ` [bug#32346] [PATCH 3/6] marionette: Add support for QEMU's "quit" command Chris Marusich
2018-08-20 20:03 ` Ludovic Courtès
2018-08-02 6:51 ` [bug#32346] [PATCH 4/6] marionette: Add wait-for-unix-socket Chris Marusich
2018-08-20 20:05 ` Ludovic Courtès
2018-08-02 6:51 ` [bug#32346] [PATCH 5/6] tests: tor: Add more test cases Chris Marusich
2018-08-20 20:06 ` Ludovic Courtès
2018-08-02 6:51 ` [bug#32346] [PATCH 6/6] services: tor: Make it easier to use UNIX sockets Chris Marusich
2018-08-20 20:09 ` Ludovic Courtès
2018-08-20 20:02 ` [bug#32346] [PATCH 1/6] services: tor: Add a system test Ludovic Courtès
2018-08-28 7:46 ` bug#32346: " Chris Marusich
2018-08-02 9:27 ` [bug#32346] [PATCH 0/6] TOR via Unix domain SOCKS socket Nils Gillmann
2018-08-03 2:22 ` Chris Marusich
2018-08-03 11:43 ` Nils Gillmann
2018-08-04 4:34 ` Chris Marusich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180802065159.20413-1-cmmarusich@gmail.com \
--to=cmmarusich@gmail.com \
--cc=32346@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).