From: Chris Marusich
Date: Wed, 1 Aug 2018 23:45:20 -0700
Subject: [bug#32346] [PATCH 0/6] TOR via Unix domain SOCKS socket
Message-Id: <20180802064520.20273-1-cmmarusich@gmail.com>
To: 32346@debbugs.gnu.org
Cc: Chris Marusich

Hi,

This patch series makes it possible to use our TOR service over a Unix domain
socket. Specifically, after applying this patch series you can configure the
TOR service as follows:

    (service tor-service-type
             (tor-configuration
              (socks-socket-type 'unix)))

This configures the TOR daemon to run its SOCKS proxy on the Unix domain
socket "/var/run/tor/socks-sock" rather than localhost port 9050. The SOCKS
socket is made group-writable so that any member of the "tor" group may
connect to it.

Along the way, this patch series also adds system tests for TOR and adds a
tiny bit of functionality to the marionette test framework.

This patch series applies cleanly to commit
0d206dd054b74279838d44029c52a5f7663de189. For each patch in the series, I've
verified that (1) Guix builds successfully and (2) both the new "tor" system
test and the existing "dhcpd" system test pass. I ran the "dhcpd" system test
as a sanity test to make sure I didn't introduce a regression in existing
system tests.

I'm currently reconfiguring my GuixSD system to confirm that it works for
real, but it's going to take a long time for the reconfigure to succeed, so
I'm sending the patch series now.

Regarding hidden services, I haven't changed anything intentionally, so it
should continue to work as before. I'll also test hidden services, but that's
also going to take more time because I've never done it before, and I have to
wait for my system to build many things.

I'll let you know if it all works after I reconfigure my system. In the
meantime, please take a look at the patches. Thank you!

Chris Marusich (6):
  services: tor: Add a system test.
  services: tor: Rename activation procedure.
  marionette: Add support for QEMU's "quit" command.
  marionette: Add wait-for-unix-socket.
  tests: tor: Add more test cases.
  services: tor: Make it easier to use UNIX sockets.

 doc/guix.texi               | 52 +++++++++++++++++---
 gnu/build/marionette.scm    | 28 ++++++++++-
 gnu/services/networking.scm | 34 ++++++++++---
 gnu/tests/networking.scm    | 97 ++++++++++++++++++++++++++++++++++++-
 4 files changed, 196 insertions(+), 15 deletions(-)

-- 
2.18.0
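
Added example, not part of the original message or of the Guix patches: a Python check that a Unix-domain SOCKS socket such as the "/var/run/tor/socks-sock" described above can be connected to by its group but not by every local user. The function names and finding labels are hypothetical, and the demo socket is a constructed fixture in a temporary directory.

```python
import os
import socket
import stat
import tempfile


def audit_socks_socket(path, expected_gid=None):
    """Return a list of findings for a Unix-domain socket; [] means OK."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISSOCK(st.st_mode):
        return ["not-a-socket"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    # On Linux, connect() requires write permission on the socket file,
    # so the group-write bit is what admits members of the group.
    if not mode & stat.S_IWGRP:
        findings.append("group-cannot-connect")
    # The other-write bit would admit every local user, not just the group.
    if mode & stat.S_IWOTH:
        findings.append("world-can-connect")
    if expected_gid is not None and st.st_gid != expected_gid:
        findings.append("unexpected-group")
    # A world-writable parent without the sticky bit lets any user unlink
    # the socket and bind a different one at the same path.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent-dir-replaceable")
    return findings


def make_demo_socket(mode):
    """Constructed fixture: bind a socket in a private temporary directory."""
    directory = tempfile.mkdtemp()
    path = os.path.join(directory, "socks-sock")
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    server.bind(path)
    os.chmod(path, mode)
    return server, path


if __name__ == "__main__":
    server, path = make_demo_socket(0o660)
    print(path, audit_socks_socket(path, os.stat(path).st_gid))
    server.close()
```

On a real system, pass the socket path and the numeric GID of the "tor" group (for example from grp.getgrnam) instead of the fixture.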