all messages for Guix-related lists mirrored at yhetil.org
* [bug#46549] services: tor: Add control-socket? option.
@ 2021-02-15 23:04 Christopher Lemmer Webber
  2021-02-22 10:09 ` Ludovic Courtès
  0 siblings, 1 reply; 3+ messages in thread
From: Christopher Lemmer Webber @ 2021-02-15 23:04 UTC
  To: 46549


This allows users to have an easy way to enable control sockets for Tor.
Turning it on does so via a unix domain socket.  Intentionally I did not
add the localhost+port path because I feel unsure about the safety of
that, and nobody has yet demonstrated a need.

I suppose another nice option might be to let the user specify a
specific path, but we didn't allow that for the socks-sock, so I was too
lazy to allow it here either.


[-- Attachment #2: 0001-services-tor-Add-control-socket-option.patch --]
[-- Type: text/x-patch, Size: 3735 bytes --]

From b85d5d49678ae11fd5a855acddbc78be123d863c Mon Sep 17 00:00:00 2001
From: Christopher Lemmer Webber <cwebber@dustycloud.org>
Date: Mon, 15 Feb 2021 17:57:04 -0500
Subject: [PATCH] services: tor: Add control-socket? option.

* doc/guix.texi (Networking Services): Document new `control-socket?'
option for `tor-configuration`.
* gnu/services/networking.scm (<tor-configuration>):
(tor-configuration->torrc):
---
 doc/guix.texi               |  9 ++++++++-
 gnu/services/networking.scm | 13 +++++++++++--
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 535c98a453..81cc24e0e3 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -45,7 +45,7 @@ Copyright @copyright{} 2017 Federico Beffa@*
 Copyright @copyright{} 2017, 2018 Carlo Zancanaro@*
 Copyright @copyright{} 2017 Thomas Danckaert@*
 Copyright @copyright{} 2017 humanitiesNerd@*
-Copyright @copyright{} 2017 Christopher Allan Webber@*
+Copyright @copyright{} 2017, 2021 Christopher Lemmer Webber@*
 Copyright @copyright{} 2017, 2018, 2019, 2020 Marius Bakke@*
 Copyright @copyright{} 2017, 2019, 2020 Hartmut Goebel@*
 Copyright @copyright{} 2017, 2019, 2020, 2021 Maxim Cournoyer@*
@@ -16578,6 +16578,13 @@ If you want to customize the SOCKS socket in more detail, leave
 @end table
 @end deftp
 
+@item @code{control-socket?} (default: @code{#f})
+Whether or not to provide a ``control socket'' by which Tor can be
+controlled to, for instance, dynamically instantiate tor onion services.
+If @code{#t}, Tor will listen for control commands on the UNIX domain socket
+@file{/var/run/tor/control-sock}, which will be made writable by members of the
+@code{tor} group.
+
 @cindex hidden service
 @deffn {Scheme Procedure} tor-hidden-service @var{name} @var{mapping}
 Define a new Tor @dfn{hidden service} called @var{name} and implementing
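Review bot: the new `@item @code{control-socket?}` entry is added after the `@end table` and `@end deftp` context lines, so it falls outside the table and `@deftp` block that precede it; move it above `@end table` so it is rendered with the other fields. The text could also say plainly that any member of the `tor` group can then send control commands over @file{/var/run/tor/control-sock}, since that is the access decision an administrator makes by setting `#t`.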
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index a4d4ac0646..231a9f66c7 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -15,6 +15,7 @@
 ;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
 ;;; Copyright © 2021 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2021 Christopher Lemmer Webber <cwebber@dustycloud.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -744,7 +745,9 @@ demand.")))
   (hidden-services  tor-configuration-hidden-services
                     (default '()))
   (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix
-                     (default 'tcp)))
+                     (default 'tcp))
+  (control-socket?  tor-control-socket-path
+                    (default #f)))
 
 (define %tor-accounts
   ;; User account and groups for Tor.
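Review bot: the accessor for the new field is named `tor-control-socket-path`, but `control-socket?` is a boolean defaulting to `#f`, not a path, and the neighbouring accessors follow the `tor-configuration-<field>` pattern (`tor-configuration-hidden-services`, `tor-configuration-socks-socket-type`). Suggest naming it `tor-configuration-control-socket?` to match.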
@@ -766,7 +769,8 @@ demand.")))
 (define (tor-configuration->torrc config)
   "Return a 'torrc' file for CONFIG."
   (match config
-    (($ <tor-configuration> tor config-file services socks-socket-type)
+    (($ <tor-configuration> tor config-file services
+                            socks-socket-type control-socket?)
      (computed-file
       "torrc"
       (with-imported-modules '((guix build utils))
@@ -786,6 +790,11 @@ Log notice syslog\n" port)
                   (display "\
 SocksPort unix:/var/run/tor/socks-sock
 UnixSocksGroupWritable 1\n" port))
+                (when #$control-socket?
+                  (display "\
+ControlSocket unix:/var/run/tor/control-sock GroupWritable RelaxDirModeCheck
+ControlSocketsGroupWritable 1\n"
+                           port))
 
                 (for-each (match-lambda
                             ((service (ports hosts) ...)
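Review bot: the torrc text emitted under `(when #$control-socket?` opens a group-writable control socket but this hunk adds no authentication directive, so write access to /var/run/tor/control-sock is the only gate on the control interface configured here. Consider also emitting `CookieAuthentication 1`, or state in the documentation that `tor` group membership is the sole access control. The `GroupWritable` flag on the `ControlSocket` line and the separate `ControlSocketsGroupWritable 1` line overlap, so one of them should suffice, and `RelaxDirModeCheck` deserves a short comment saying why the directory permission check has to be relaxed for /var/run/tor.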
-- 
2.30.0



* [bug#46549] services: tor: Add control-socket? option.
  2021-02-15 23:04 [bug#46549] services: tor: Add control-socket? option Christopher Lemmer Webber
@ 2021-02-22 10:09 ` Ludovic Courtès
  2021-02-22 15:03   ` bug#46549: " Christopher Lemmer Webber
  0 siblings, 1 reply; 3+ messages in thread
From: Ludovic Courtès @ 2021-02-22 10:09 UTC
  To: Christopher Lemmer Webber; +Cc: 46549

Hey Chris,

Christopher Lemmer Webber <cwebber@dustycloud.org> skribis:

> From b85d5d49678ae11fd5a855acddbc78be123d863c Mon Sep 17 00:00:00 2001
> From: Christopher Lemmer Webber <cwebber@dustycloud.org>
> Date: Mon, 15 Feb 2021 17:57:04 -0500
> Subject: [PATCH] services: tor: Add control-socket? option.
>
> * doc/guix.texi (Networking Services): Document new `control-socket?'
> option for `tor-configuration`.
> * gnu/services/networking.scm (<tor-configuration>):
> (tor-configuration->torrc):

LGTM, thanks!  :-)

Ludo’.





* bug#46549: services: tor: Add control-socket? option.
  2021-02-22 10:09 ` Ludovic Courtès
@ 2021-02-22 15:03   ` Christopher Lemmer Webber
  0 siblings, 0 replies; 3+ messages in thread
From: Christopher Lemmer Webber @ 2021-02-22 15:03 UTC
  To: Ludovic Courtès; +Cc: 46549-done

Ludovic Courtès writes:

> Hey Chris,
>
> Christopher Lemmer Webber <cwebber@dustycloud.org> skribis:
>
>> From b85d5d49678ae11fd5a855acddbc78be123d863c Mon Sep 17 00:00:00 2001
>> From: Christopher Lemmer Webber <cwebber@dustycloud.org>
>> Date: Mon, 15 Feb 2021 17:57:04 -0500
>> Subject: [PATCH] services: tor: Add control-socket? option.
>>
>> * doc/guix.texi (Networking Services): Document new `control-socket?'
>> option for `tor-configuration`.
>> * gnu/services/networking.scm (<tor-configuration>):
>> (tor-configuration->torrc):
>
> LGTM, thanks!  :-)
>
> Ludo’.

Pushed, thanks for the review!




