Subject: [bug#61789] [PATCH 11/27] services: tor: Deprecate 'tor-hidden-service' procedure.
From: Bruno Victal
To: 61789@debbugs.gnu.org
Cc: Bruno Victal
Date: Sat, 25 Feb 2023 18:57:57 +0000
Message-Id: <55d9d97eabbb72cf59713b31015e654d028d8623.1677350249.git.mirai@makinata.eu>
X-Mailer: git-send-email 2.39.1

Due to (now renamed) 'hidden-service' record type not being exported, the only
way hidden services could have worked is through the now deprecated
'tor-hidden-service' procedure which also had the issue that it can only be
used once since the returned service always had the same name. This commit
fixes the Tor service documentation and deprecates 'tor-hidden-service'
procedure, correcting some inconsistencies along the way.

* doc/guix.texi (Networking Services): Add examples for Tor hidden services.
Document . Remove mention of 'tor-hidden-service' procedure.
* gnu/services/networking.scm: Export tor-configuration-tor,
tor-configuration-config-file, tor-configuration-hidden-services,
tor-configuration-socks-socket-type, tor-configuration-control-socket-path,
tor-hidden-service-configuration, tor-hidden-service-configuration?,
tor-hidden-service-configuration-name,
tor-hidden-service-configuration-mapping.
()[control-socket?]: Rename accessor.
(): Rename to ...
(): ... this.
(tor-configuration->torrc): Update record-type name.
(tor-activation): Ditto.
(tor-service-type): Tweak comment.
(tor-hidden-service-type): Remove variable.
(tor-hidden-service): Deprecate procedure.
---
 doc/guix.texi               | 55 +++++++++++++++++++++++--------------
 gnu/services/networking.scm | 47 +++++++++++++++++--------------
 2 files changed, 61 insertions(+), 41 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi index f9ca809e47..eeb2efa488 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -20494,11 +20494,21 @@ Networking Services @cindex Tor @defvar tor-service-type -This is the type for a service that runs the @uref{https://torproject.org, -Tor} anonymous networking daemon. The service is configured using a +Type for a service that runs the @uref{https://torproject.org, Tor} +anonymous networking daemon. The service is configured using a @code{} record. By default, the Tor daemon runs as the @code{tor} unprivileged user, which is a member of the @code{tor} group. +In addition to adding Tor @dfn{hidden service}s records to the service +configuration directly, this service can be extended by other services to add +hidden services, as in this example: + +@lisp +(simple-service 'my-extra-hidden-service tor-service-type + (list (tor-hidden-service-configuration + (name "extra-hidden-service") + (mapping '((80 "127.0.0.1:8080")))))) +@end lisp @end defvar @deftp {Data Type} tor-configuration @@ -20517,11 +20527,10 @@ Networking Services syntax. @item @code{hidden-services} (default: @code{'()}) -The list of @code{} records to use. For any hidden service -you include in this list, appropriate configuration to enable the hidden -service will be automatically added to the default configuration file. You -may conveniently create @code{} records using the -@code{tor-hidden-service} procedure described below. +The list of @code{} records to use. +For any hidden service you include in this list, appropriate +configuration to enable the hidden service will be automatically added to +the default configuration file. @item @code{socks-socket-type} (default: @code{'tcp}) The default socket type that Tor should use for its SOCKS socket. This must 
@@ -20546,26 +20555,32 @@ Networking Services @end table @end deftp -@cindex hidden service -@deffn {Scheme Procedure} tor-hidden-service @var{name} @var{mapping} -Define a new Tor @dfn{hidden service} called @var{name} and implementing -@var{mapping}. @var{mapping} is a list of port/host tuples, such as: +@cindex hidden service, tor +@deftp {Data Type} tor-hidden-service-configuration +Data Type representing a Tor @dfn{hidden service} configuration. +See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor +project's documentation} for more information. + +@table @asis +@item @code{name} (type: string) +Name for the Tor @dfn{hidden service}. +This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, +where the @file{hostname} file contains the @samp{.onion} host name for +the hidden service. + +@item @code{mapping} (type: list-of-list) +List of host---@dfn{hidden-service} port mappings, such as: @example - '((22 "127.0.0.1:22") - (80 "127.0.0.1:8080")) +'((22 "127.0.0.1:22") + (80 "127.0.0.1:8080")) @end example In this example, port 22 of the hidden service is mapped to local port 22, and port 80 is mapped to local port 8080. -This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where -the @file{hostname} file contains the @code{.onion} host name for the hidden -service. - -See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor -project's documentation} for more information. -@end deffn +@end table +@end deftp The @code{(gnu services rsync)} module provides the following services: diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index dacf64c2d1..d6e1877ef5 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm 
@@ -138,7 +138,16 @@ (define-module (gnu services networking) tor-configuration tor-configuration? - tor-hidden-service + tor-configuration-tor + tor-configuration-config-file + tor-configuration-hidden-services + tor-configuration-socks-socket-type + tor-configuration-control-socket-path + tor-hidden-service-configuration + tor-hidden-service-configuration? + tor-hidden-service-configuration-name + tor-hidden-service-configuration-mapping + tor-hidden-service ; deprecated tor-service-type network-manager-configuration @@ -919,7 +928,7 @@ (define-record-type* (default '())) (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix (default 'tcp)) - (control-socket? tor-control-socket-path + (control-socket? tor-configuration-control-socket-path (default #f))) (define %tor-accounts @@ -933,11 +942,11 @@ (define %tor-accounts (home-directory "/var/empty") (shell (file-append shadow "/sbin/nologin"))))) -(define-record-type - (hidden-service name mapping) - hidden-service? - (name hidden-service-name) ;string - (mapping hidden-service-mapping)) ;list of port/address tuples +(define-record-type + (tor-hidden-service-configuration name mapping) + tor-hidden-service-configuration? + (name tor-hidden-service-configuration-name) ;string + (mapping tor-hidden-service-configuration-mapping)) ;list of port/address tuples (define (tor-configuration->torrc config) "Return a 'torrc' file for CONFIG." @@ -977,7 +986,7 @@ (define (tor-configuration->torrc config) tcp-port host)) ports hosts))) '#$(map (match-lambda - (($ name mapping) + (($ name mapping) (cons name mapping))) hidden-services)) @@ -1064,7 +1073,7 @@ (define (tor-activation config) (chmod "/var/lib" #o755) (for-each initialize - '#$(map hidden-service-name + '#$(map tor-hidden-service-configuration-name (tor-configuration-hidden-services config))))) (define tor-service-type 
@@ -1077,7 +1086,7 @@ (define tor-service-type (service-extension activation-service-type tor-activation))) - ;; This can be extended with hidden services. + ;; This can be extended with tor hidden services. (compose concatenate) (extend (lambda (config services) (tor-configuration @@ -1090,15 +1099,8 @@ (define tor-service-type "Run the @uref{https://torproject.org, Tor} anonymous networking daemon."))) -(define tor-hidden-service-type - ;; A type that extends Tor with hidden services. - (service-type (name 'tor-hidden-service) - (extensions - (list (service-extension tor-service-type list))) - (description - "Define a new Tor @dfn{hidden service}."))) - -(define (tor-hidden-service name mapping) +(define-deprecated (tor-hidden-service name mapping) + #f "Define a new Tor @dfn{hidden service} called @var{name} and implementing @var{mapping}. @var{mapping} is a list of port/host tuples, such as: @@ -1116,8 +1118,11 @@ (define (tor-hidden-service name mapping) See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor project's documentation} for more information." - (service tor-hidden-service-type - (hidden-service name mapping))) + (simple-service 'tor-hidden-service + tor-service-type + (list (tor-hidden-service-configuration + (name name) + (mapping mapping))))) ;;; -- 2.39.1
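Review bot: In the first doc/guix.texi hunk (@@ -20494,11 +20494,21 @@), the added sentence "In addition to adding Tor @dfn{hidden service}s records to the service configuration directly" puts the plural on the wrong word and renders as "hidden services records". Suggest "@dfn{hidden service} records", and keeping @dfn for the one place where the term is defined (the new @deftp uses it twice more for the same term).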
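Review bot: In the doc/guix.texi hunk at @@ -20546,26 +20555,32 @@, the description of the mapping field ("List of host---@dfn{hidden-service} port mappings") gives the elements in the opposite order from the example right below it, where each entry is the hidden service port followed by a local "address:port" string. Suggest wording that follows the example, such as a list of (port "address:port") entries mapping a hidden service port to a local address, and spelling the term "hidden service" as in the rest of the node instead of "hidden-service". The type "list-of-list" could then be dropped or replaced by that description.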
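Review bot: In the gnu/services/networking.scm hunk at @@ -919,7 +928,7 @@, the field keeps the name control-socket? with default #f while its accessor becomes tor-configuration-control-socket-path, so the field reads as a boolean and the accessor as a path. Since the accessor is exported by this patch, settle on one meaning before it becomes public API: either name the accessor tor-configuration-control-socket? or rename the field, and state in the manual entry for the field what value it takes.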
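Review bot: In the hunk at @@ -933,11 +942,11 @@, the record is defined with plain define-record-type and a positional constructor, (tor-hidden-service-configuration name mapping), but both the new example in doc/guix.texi and the new body of the deprecated tor-hidden-service call it with field clauses, (name ...) and (mapping ...). With this definition those clauses are evaluated as ordinary procedure calls, so inside tor-hidden-service the form (name name) tries to apply the string argument and fails. Either define the record with define-record-type* and named fields, as the tor-configuration record in the @@ -919 context already is, or change the two callers to pass the name and mapping positionally.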
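Review bot: In the hunk at @@ -1064,7 +1073,7 @@, every tor-hidden-service-configuration-name is handed to initialize unchecked, while the documentation added in this patch says the name becomes the directory /var/lib/tor/hidden-services/NAME. Now that users construct these records directly, it is worth rejecting names that are empty, contain "/" or occur twice in the list before activation runs, so that a typo cannot point two services at the same key directory or at a path outside hidden-services/.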
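Review bot: In the hunk at @@ -1090,15 +1099,8 @@, define-deprecated is given #f as the replacement, so the deprecation warning names nothing to migrate to. As there is no one-to-one replacement procedure, say in the docstring what to use instead: a tor-hidden-service-configuration record, either in the hidden-services field of the Tor configuration or through a simple-service extension of tor-service-type as in the new manual example.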