* [bug#27870] tor: Remove 'expensive-hardening' option.
@ 2017-07-29 17:31 ng0
2017-07-31 15:07 ` bug#27870: " Ludovic Courtès
0 siblings, 1 reply; 2+ messages in thread
From: ng0 @ 2017-07-29 17:31 UTC (permalink / raw)
To: 27870
[-- Attachment #1.1: Type: text/plain, Size: 2287 bytes --]
Since no one has vetoed against this, here is my patch to
improve tor again. I had no issues in the 9+ days since
I've been using it like this (didn't expect any) and only
improvement of the current situation with tor.
Patch appended.
> ng0 writes:
>
> > I noticed this before the contribution entered master, so this message
> > is not really a news.
> >
> > To quote myself from earlier today:
> >
> > <ng0> I think we should revert one piece of the tor hardened build.. 3 hours
> > uptime: 684.3 MiB + 753.0 KiB = 685.1 MiB tor
> >
> > Comparison: my Chromium with 55 tabs open uses 2.2GB.
> >
> > Private + Shared = RAM used Program
> > …
> > 12.4 MiB + 1.1 MiB = 13.4 MiB vim
> > 15.5 MiB + 959.0 KiB = 16.4 MiB Xorg
> > 17.3 MiB + 5.6 MiB = 22.9 MiB guix substitute
> > 22.8 MiB + 1.3 MiB = 24.1 MiB shepherd
> > 26.7 MiB + 551.5 KiB = 27.3 MiB emacs-25.2
> > 131.1 MiB + 6.2 MiB = 137.3 MiB .guix-real
> > 732.7 MiB + 932.0 KiB = 733.6 MiB tor
> > …
> > uptime: 6:24h
> >
> > Now I wouldn't consider tor to be problematic when this would be the
> > default for tor. But it isn't, and --enable-expensive-hardening is an
> > experimental function which is not enabled by default from upstream (as
> > all our recently added config options for tor (not sure right now if all
> > are experimental, but they are not standard).
> >
> > Comparison, Debian running for a very long time (months) and using the
> > same config:
> >
> > 40.6 MiB + 486.0 KiB = 41.1 MiB tor
> >
> >
> > I'm convinced that removing --enable-expensive-hardening will improve
> > the situation, I have watched an VM with tor without this config switch.
> > Whoever needs or wants this switch can make use of the easy way to
> > create custom packages in Guix.
> >
> > If someone else can confirm my observations, I'll prepare an patch.
>
> The top(1) command tells me that tor is taking up just short of a
> gigabyte of RAM. I haven't tried disabling the --enable-expensive-hardening
> flag, yet.
--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org
[-- Attachment #1.2: 0001-gnu-tor-Remove-enable-expensive-hardening-option.patch --]
[-- Type: text/plain, Size: 1541 bytes --]
From 4ae53518a53b668d9ac9d0f85771bb8f8645a4f6 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Sat, 29 Jul 2017 17:26:04 +0000
Subject: [PATCH] gnu: tor: Remove '--enable-expensive-hardening' option.
* gnu/packages/tor.scm (tor)[arguments]: Remove '--enable-expensive-hardening' option.
---
gnu/packages/tor.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 314901fa4..1d5a1f161 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -2,7 +2,7 @@
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
@@ -54,8 +54,7 @@
"0hhyb1wil8japynqnm07r1f67w3wdnafdg9amzlrrcfcyq5qim28"))))
(build-system gnu-build-system)
(arguments
- `(#:configure-flags (list "--enable-expensive-hardening"
- "--enable-gcc-hardening"
+ `(#:configure-flags (list "--enable-gcc-hardening"
"--enable-linker-hardening")))
(native-inputs
`(("python" ,python-2))) ; for tests
--
2.13.3
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply related [flat|nested] 2+ messages in thread
* bug#27870: tor: Remove 'expensive-hardening' option.
2017-07-29 17:31 [bug#27870] tor: Remove 'expensive-hardening' option ng0
@ 2017-07-31 15:07 ` Ludovic Courtès
0 siblings, 0 replies; 2+ messages in thread
From: Ludovic Courtès @ 2017-07-31 15:07 UTC (permalink / raw)
To: 27870-done
ng0 <ng0@infotropique.org> skribis:
> From 4ae53518a53b668d9ac9d0f85771bb8f8645a4f6 Mon Sep 17 00:00:00 2001
> From: ng0 <ng0@infotropique.org>
> Date: Sat, 29 Jul 2017 17:26:04 +0000
> Subject: [PATCH] gnu: tor: Remove '--enable-expensive-hardening' option.
>
> * gnu/packages/tor.scm (tor)[arguments]: Remove '--enable-expensive-hardening' option.
Applied, thanks!
Tor was indeed consuming quite a bit of RAM on my laptop, so this is a
welcome change. Now we know what they meant with “expensive”. ;-)
Ludo’.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-07-31 15:09 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-07-29 17:31 [bug#27870] tor: Remove 'expensive-hardening' option ng0
2017-07-31 15:07 ` bug#27870: " Ludovic Courtès
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.