From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:48508) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fl7Us-0000L2-7t for guix-patches@gnu.org; Thu, 02 Aug 2018 02:54:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fl7Up-0005dv-4T for guix-patches@gnu.org; Thu, 02 Aug 2018 02:54:06 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:33167) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fl7Uo-0005cx-Vb for guix-patches@gnu.org; Thu, 02 Aug 2018 02:54:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1fl7Uo-0005B7-Fs for guix-patches@gnu.org; Thu, 02 Aug 2018 02:54:02 -0400 Subject: [bug#32346] [PATCH 1/6] services: tor: Add a system test. Resent-Message-ID: From: Chris Marusich Date: Wed, 1 Aug 2018 23:51:54 -0700 Message-Id: <20180802065159.20413-1-cmmarusich@gmail.com> In-Reply-To: <20180802064520.20273-1-cmmarusich@gmail.com> References: <20180802064520.20273-1-cmmarusich@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 32346@debbugs.gnu.org Cc: Chris Marusich * gnu/services/networking.scm (tor-configuration->torrc): Set PidFile to /var/run/tor/tor.pid in the base torrc configuration. (tor-shepherd-service) : Call make-forkexec-constructor/container with a new #:pid-file argument to tell Shepherd where to find the PID file. Add a a new to its existing #:mappings argument to share /var/run/tor with the the container. (tor-hidden-services-activation): Update docstring. Create /var/run/tor and set its permissions so only the tor user can access it. * gnu/tests/networking.scm (%test-tor, %tor-os): New variables. (run-tor-test): New procedure. --- gnu/services/networking.scm | 20 +++++++++++-- gnu/tests/networking.scm | 56 ++++++++++++++++++++++++++++++++++++- 2 files changed, 73 insertions(+), 3 deletions(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index d5d0cf9d1..bd79e6589 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2017 Thomas Danckaert ;;; Copyright © 2017 Marius Bakke ;;; Copyright © 2018 Tobias Geerinckx-Rice +;;; Copyright © 2018 Chris Marusich ;;; ;;; This file is part of GNU Guix. ;;; @@ -612,6 +613,7 @@ demand."))) ### These lines were generated from your system configuration: User tor DataDirectory /var/lib/tor +PidFile /var/run/tor/tor.pid Log notice syslog\n" port) (for-each (match-lambda @@ -665,12 +667,17 @@ HiddenServicePort ~a ~a~%" (writable? #t)) (file-system-mapping (source "/dev/log") ;for syslog - (target source))))) + (target source)) + (file-system-mapping + (source "/var/run/tor") + (target source) + (writable? #t))) + #:pid-file "/var/run/tor/tor.pid")) (stop #~(make-kill-destructor)) (documentation "Run the Tor anonymous network overlay.")))))))) (define (tor-hidden-service-activation config) - "Return the activation gexp for SERVICES, a list of hidden services." + "Set up directories for TOR and its hidden services, if any." #~(begin (use-modules (guix build utils)) @@ -686,6 +693,15 @@ HiddenServicePort ~a ~a~%" ;; The daemon bails out if we give wider permissions. (chmod directory #o700))) + ;; Allow TOR to write its PID file. + (mkdir-p "/var/run/tor") + (chown "/var/run/tor" (passwd:uid %user) (passwd:gid %user)) + ;; Set the group permissions to rw so that if the system administrator + ;; has specified UnixSocksGroupWritable=1 in their torrc file, members + ;; of the "tor" group will be able to use the SOCKS socket. + (chmod "/var/run/tor" #o750) + + ;; Allow TOR to access the hidden services' directories. (mkdir-p "/var/lib/tor") (chown "/var/lib/tor" (passwd:uid %user) (passwd:gid %user)) (chmod "/var/lib/tor" #o700) diff --git a/gnu/tests/networking.scm b/gnu/tests/networking.scm index 323679e7f..c9a4f5463 100644 --- a/gnu/tests/networking.scm +++ b/gnu/tests/networking.scm @@ -30,7 +30,7 @@ #:use-module (gnu packages bash) #:use-module (gnu packages networking) #:use-module (gnu services shepherd) - #:export (%test-inetd %test-openvswitch %test-dhcpd)) + #:export (%test-inetd %test-openvswitch %test-dhcpd %test-tor)) (define %inetd-os ;; Operating system with 2 inetd services. @@ -339,3 +339,57 @@ subnet 192.168.1.0 netmask 255.255.255.0 { (name "dhcpd") (description "Test a running DHCP daemon configuration.") (value (run-dhcpd-test)))) + + +;;; +;;; Services related to TOR +;;; + +(define %tor-os + (simple-operating-system + (tor-service))) + +(define (run-tor-test) + (define os + (marionette-operating-system %tor-os + #:imported-modules '((gnu services herd)) + #:requirements '(tor))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (gnu build marionette) + (ice-9 popen) + (ice-9 rdelim) + (srfi srfi-64)) + + (define marionette + (make-marionette (list #$(virtual-machine os)))) + + (mkdir #$output) + (chdir #$output) + + (test-begin "tor") + + (test-assert "tor is alive" + (marionette-eval + '(begin + (use-modules (gnu services herd) + (srfi srfi-1)) + (live-service-running + (find (lambda (live) + (memq 'tor + (live-service-provision live))) + (current-services)))) + marionette)) + + (test-end) + (exit (= (test-runner-fail-count (test-runner-current)) 0))))) + + (gexp->derivation "tor-test" test)) + +(define %test-tor + (system-test + (name "tor") + (description "Test a running TOR daemon configuration.") + (value (run-tor-test)))) -- 2.18.0