Subject: bug#70302: [bug#70341] [PATCH v3] services: tor: Add support for pluggable transports.
To: Nigko Yerden
Cc: 70332@debbugs.gnu.org, 70302@debbugs.gnu.org, 70341@debbugs.gnu.org
Date: Wed, 24 Apr 2024 18:11:10 -0300
From: André Batista

Hi Nigko,

On Mon, 22 Apr 2024 at 08:58:39 (1713787119), nigko.yerden@gmail.com wrote:
> Pluggable transports are programs that disguise Tor traffic, which
> can be useful in case Tor is censored. Pluggable transports
> cannot be configured by #:config-file file exclusively because Tor
> process is run via 'least-authority-wrapper' and cannot have access
> to transport plugin, which is a separate executable (Bug#70302,
> Bug#70332).

I can confirm that the tor service is unable to fork-exec a pluggable-transport and the bootstrap process is halted at its start when trying to use a system-wide bridge + PT.

However, this patch does not seem to address the issue at hand, since it just creates new tor-service-type configuration options that accomplish the same as configuring on config-file directly.

Have you had success with this? I had no luck.

More comments below.

> * doc/guix.texi (Networking Services): Document 'transport-plugin' and
> 'pluggable-transport' options for 'tor-configuration'.
> * gnu/services/networking.scm: Export 'tor-configuration-transport-plugin-path', > 'tor-configuration-pluggable-transport'. > (): Add 'transport-plugin' and 'pluggable-transport' > fields. > (tor-configuration->torrc)[transport-plugin]: Add content to 'torrc' > computed-file. > (tor-shepherd-service)[transport-plugin]: Add file-system-mapping. > > Change-Id: I64e7632729287ea0ab27818bb7322fddae43de48 > --- > doc/guix.texi | 11 ++++++++ > gnu/services/networking.scm | 54 ++++++++++++++++++++++++++----------- > 2 files changed, 49 insertions(+), 16 deletions(-) > > diff --git a/doc/guix.texi b/doc/guix.texi > index 65af136e61..eb0837860e 100644 > --- a/doc/guix.texi > +++ b/doc/guix.texi > @@ -127,6 +127,7 @@ > Copyright @copyright{} 2024 Herman Rimm@* > Copyright @copyright{} 2024 Matthew Trzcinski@* > Copyright @copyright{} 2024 Richard Sent@* > +Copyright @copyright{} 2024 Nigko Yerden@* > > Permission is granted to copy, distribute and/or modify this document > under the terms of the GNU Free Documentation License, Version 1.3 or > @@ -21849,6 +21850,16 @@ Networking Services > @file{/var/run/tor/control-sock}, which will be made writable by members of the > @code{tor} group. > > +@item @code{transport-plugin} (default: @code{#f}) > +This must be either @code{#f} or a ``file-like'' object pointing to the > +pluggable transport plugin executable. In the latter case the > +@code{#:config-file} file should contain line(s) configuring > +one or more bridges. > + > +@item @code{pluggable-transport} (default: @code{"obfs4"}) > +A string that specifies the type of the pluggable transport in > +case @code{#:transport-plugin} is not @code{#f}. > + > @end table > @end deftp > > diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm > index 8e64e529ab..6e535ea8ef 100644 > --- a/gnu/services/networking.scm > +++ b/gnu/services/networking.scm 
> @@ -22,6 +22,7 @@ > ;;; Copyright © 2023 Declan Tsien > ;;; Copyright © 2023 Bruno Victal > ;;; Copyright © 2023 muradm > +;;; Copyright © 2024 Nigko Yerden > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -159,6 +160,8 @@ (define-module (gnu services networking) > tor-configuration-hidden-services > tor-configuration-socks-socket-type > tor-configuration-control-socket-path > + tor-configuration-transport-plugin-path > + tor-configuration-pluggable-transport > tor-onion-service-configuration > tor-onion-service-configuration? > tor-onion-service-configuration-name > @@ -955,7 +958,11 @@ (define-record-type* > (socks-socket-type tor-configuration-socks-socket-type ; 'tcp or 'unix > (default 'tcp)) > (control-socket? tor-configuration-control-socket-path > - (default #f))) > + (default #f)) > + (transport-plugin tor-configuration-transport-plugin-path > + (default #f)) > + (pluggable-transport tor-configuration-pluggable-transport > + (default "obfs4"))) > > (define %tor-accounts > ;; User account and groups for Tor. > @@ -988,7 +995,8 @@ (define-configuration/no-serialization tor-onion-service-configuration > (define (tor-configuration->torrc config) > "Return a 'torrc' file for CONFIG." > (match-record config > - (tor config-file hidden-services socks-socket-type control-socket?) > + (tor config-file hidden-services socks-socket-type control-socket? > + transport-plugin pluggable-transport) > (computed-file > "torrc" > (with-imported-modules '((guix build utils)) 
> @@ -1027,6 +1035,13 @@ (define (tor-configuration->torrc config) > (cons name mapping))) > hidden-services)) > > + (when #$transport-plugin > + (format port "\ > +UseBridges 1 > +ClientTransportPlugin ~a exec ~a~%" > + #$pluggable-transport > + #$transport-plugin)) > + > (display "\ > ### End of automatically generated lines.\n\n" port)

Even if it had succeeded though, I'm not sure if this is the best approach to it, since it would break guix system configuration, right? How would one know beforehand which binary to point to? One would first need to install the PT and look to its path on store and then link to it in a new configuration. And then this link would have to be manually updated. Am I missing something here?

Finally, next time, try to keep the issue to a single thread. I'm replying to #70332 and #70302 just for reference, but let's keep to #70341 going forward.

Cheers!
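
Review bot: In the doc/guix.texi hunk at @@ -21849, the prose refers to the fields as @code{#:config-file} and @code{#:transport-plugin}, while the @item line in the same hunk names the field @code{transport-plugin} and the record hunk defines both as fields of the tor-configuration record, not keyword arguments. Use the bare field names throughout. The entry would also be clearer if it said that UseBridges 1 is written automatically when transport-plugin is set, and showed what kind of file-like object is expected for the executable, since the torrc hunk writes that value directly after "exec".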
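
Review bot: In the record hunk at @@ -955, the accessor for the transport-plugin field is named tor-configuration-transport-plugin-path, but the documentation hunk says the field holds #f or a file-like object rather than a path string. Naming it tor-configuration-transport-plugin would match the field and the tor-configuration-pluggable-transport accessor beside it; the export added in the @@ -159 hunk needs the same rename. Neither new field carries anything beyond a default, so a value of the wrong type is not rejected where the record is constructed.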
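
Review bot: In the torrc hunk at @@ -1027, the line "ClientTransportPlugin ~a exec ~a~%" only tells Tor which executable to launch, and the commit message itself states that Tor runs under 'least-authority-wrapper' and cannot reach a separate executable. Whether this works therefore depends on the file-system-mapping change the commit message lists for tor-shepherd-service, so that change should be reviewed together with this hunk, checking that the mapping covers what the plugin needs at run time and not only the file itself. Separately, "UseBridges 1" is written whenever transport-plugin is set while the bridge lines are left to config-file, so setting the plugin without any bridge in config-file yields a torrc that enables bridges without defining one; validate that case or state the requirement next to the field.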