From: Nigko Yerden <nigko.yerden@gmail.com>
To: 70341@debbugs.gnu.org
Cc: Nigko Yerden <nigko.yerden@gmail.com>
Subject: [bug#70341] [PATCH v2] services: tor: Add support for pluggable transports.
Date: Sat, 20 Apr 2024 19:43:03 +0500 [thread overview]
Message-ID: <714e3316b5a14168c495253ae585c9e73361b11a.1713624182.git.nigko.yerden@gmail.com> (raw)
In-Reply-To: <11e72216f4be8b6559ecc04646fd722daa5dd09d.1712846897.git.nigko.yerden@gmail.com>
Pluggable transports are programs that disguise Tor traffic, which
can be useful in cases when Tor is censored. Pluggable transports
cannot be configured by #:config-file file exclusively because Tor
process is run via 'least-authority-wrapper' and cannot have access
to transport plugin, which is a separate executable (Bug:#70302,
Bug:#70332).
* doc/guix.texi (Networking Services): Document 'transport-plugin' and
'pluggable-transport' options for 'tor-configuration'.
* gnu/services/networking.scm (<tor-configuration>): Add 'transport-plugin'
and 'pluggable-transport' fields.
(tor-configuration->torrc)[transport-plugin]: Add content to 'torrc'
computed-file.
(tor-shepherd-service)[transport-plugin-path]: Add file-system-mapping.
Change-Id: I64e7632729287ea0ab27818bb7322fddae43de48
---
doc/guix.texi | 11 ++++++++
gnu/services/networking.scm | 52 +++++++++++++++++++++++++------------
2 files changed, 47 insertions(+), 16 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 65af136e61..9fbe928484 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -127,6 +127,7 @@
Copyright @copyright{} 2024 Herman Rimm@*
Copyright @copyright{} 2024 Matthew Trzcinski@*
Copyright @copyright{} 2024 Richard Sent@*
+Copyright @copyright{} 2024 Nigko Yerden@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -21849,6 +21850,16 @@ Networking Services
@file{/var/run/tor/control-sock}, which will be made writable by members of the
@code{tor} group.
+@item @code{transport-plugin} (default: @code{#f})
+This must be either @code{#f}, in which case the pluggable transports are
+not used by Tor, or a ``file-like'' object pointing to the pluggable transport
+plugin executable. In the latter case the @code{#:config-file} file
+should contain line(s) configuring one or more bridges.
+
+@item @code{pluggable-transport} (default: @code{"obfs4"})
+A string that specifies the type of the pluggable transport in
+case @code{#:transport-plugin} is not @code{#f}.
+
@end table
@end deftp
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 8e64e529ab..e47f7ca61a 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -22,6 +22,7 @@
;;; Copyright © 2023 Declan Tsien <declantsien@riseup.net>
;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu>
;;; Copyright © 2023 muradm <mail@muradm.net>
+;;; Copyright © 2024 Nigko Yerden <nigko.yerden@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -955,7 +956,11 @@ (define-record-type* <tor-configuration>
(socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
(default 'tcp))
(control-socket? tor-configuration-control-socket-path
- (default #f)))
+ (default #f))
+ (transport-plugin tor-configuration-transport-plugin-path
+ (default #f))
+ (pluggable-transport tor-configuration-pluggable-transport
+ (default "obfs4")))
(define %tor-accounts
;; User account and groups for Tor.
@@ -988,7 +993,8 @@ (define-configuration/no-serialization tor-onion-service-configuration
(define (tor-configuration->torrc config)
"Return a 'torrc' file for CONFIG."
(match-record config <tor-configuration>
- (tor config-file hidden-services socks-socket-type control-socket?)
+ (tor config-file hidden-services socks-socket-type control-socket?
+ transport-plugin pluggable-transport)
(computed-file
"torrc"
(with-imported-modules '((guix build utils))
@@ -1027,6 +1033,13 @@ (define (tor-configuration->torrc config)
(cons name mapping)))
hidden-services))
+ (when #$transport-plugin
+ (format port "\
+UseBridges 1
+ClientTransportPlugin ~a exec ~a~%"
+ #$pluggable-transport
+ #$transport-plugin))
+
(display "\
### End of automatically generated lines.\n\n" port)
@@ -1039,23 +1052,30 @@ (define (tor-configuration->torrc config)
(define (tor-shepherd-service config)
"Return a <shepherd-service> running Tor."
(let* ((torrc (tor-configuration->torrc config))
+ (transport-plugin-path (tor-configuration-transport-plugin-path config))
(tor (least-authority-wrapper
(file-append (tor-configuration-tor config) "/bin/tor")
#:name "tor"
- #:mappings (list (file-system-mapping
- (source "/var/lib/tor")
- (target source)
- (writable? #t))
- (file-system-mapping
- (source "/dev/log") ;for syslog
- (target source))
- (file-system-mapping
- (source "/var/run/tor")
- (target source)
- (writable? #t))
- (file-system-mapping
- (source torrc)
- (target source)))
+ #:mappings (append
+ (list (file-system-mapping
+ (source "/var/lib/tor")
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source "/dev/log") ;for syslog
+ (target source))
+ (file-system-mapping
+ (source "/var/run/tor")
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source torrc)
+ (target source)))
+ (if transport-plugin-path
+ (list (file-system-mapping
+ (source transport-plugin-path)
+ (target source)))
+ '()))
#:namespaces (delq 'net %namespaces))))
(list (shepherd-service
(provision '(tor))
base-commit: 0f68306268773f0eaa4327e1f6fdcb39442e4a34
--
2.41.0
next prev parent reply other threads:[~2024-04-20 14:46 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-11 14:48 [bug#70341] [PATCH] gnu: Add support for pluggable transports to tor-service-type Nigko Yerden
2024-04-20 14:43 ` Nigko Yerden [this message]
2024-04-22 3:58 ` [bug#70341] [PATCH v3] services: tor: Add support for pluggable transports Nigko Yerden
[not found] ` <Zil1buljj2AfL2zL@andel>
2024-04-25 6:08 ` Nigko Yerden
2024-04-30 9:13 ` Nigko Yerden
2024-05-10 8:32 ` [bug#70341] [PATCH v4] " Nigko Yerden
2024-05-23 21:49 ` André Batista
2024-05-31 5:43 ` [bug#70341] [PATCH v5] " Nigko Yerden
2024-07-11 13:27 ` [bug#70341] [PATCH v6] " Nigko Yerden
2024-08-09 9:15 ` [bug#70341] [PATCH v7] " Nigko Yerden
2024-09-04 14:08 ` Ludovic Courtès
2024-09-17 13:11 ` [bug#70341] [PATCH v8] " Nigko Yerden
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=714e3316b5a14168c495253ae585c9e73361b11a.1713624182.git.nigko.yerden@gmail.com \
--to=nigko.yerden@gmail.com \
--cc=70341@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).